Concierge-Auth
view release on metacpan or search on metacpan
examples/04-session-management.pl view on Meta::CPAN
=over 4
=item 1. B<Creation> - User authenticates, session token generated
=item 2. B<Validation> - Each request validates session token
=item 3. B<Refresh> - Update last active time on valid requests
=item 4. B<Expiration> - Sessions expire after timeout period
=item 5. B<Destruction> - Explicit logout or cleanup
=back
=head2 Security Features
=over 4
=item * Cryptographically secure session tokens
=item * Session timeout for idle sessions
=item * Validation on every request
=item * Clean session destruction
=item * No session data stored client-side
=back
=head2 Production Considerations
In a production system, consider:
=over 4
=item * Store sessions in database or cache (Redis/Memcached)
=item * Include IP address and User-Agent validation
=item * Implement session fixation protection
=item * Add CSRF token generation
=item * Log security events (login, logout, failures)
=item * Implement rate limiting for login attempts
=item * Support multiple concurrent sessions per user
=back
=head1 INTEGRATION EXAMPLE
# Web framework integration
use Concierge::Auth;
my $auth = Concierge::Auth->new({file => '/secure/path/users.db'});
my %sessions; # In production: use database/cache
# Login endpoint
sub handle_login {
my ($username, $password) = @_;
my ($success, $token) = create_session($username, $password);
if ($success) {
# Set secure cookie
set_cookie('session_token' => $token, {
secure => 1,
httponly => 1,
samesite => 'strict'
});
return success_response();
}
return error_response('Invalid credentials');
}
# Authentication middleware
sub authenticate_request {
my $token = get_cookie('session_token');
my $username = validate_session($token);
return $username || unauthenticated_response();
}
=head1 SEE ALSO
L<Concierge::Auth>, 05-api-keys.pl, 01-basic-authentication.pl
=cut
( run in 1.765 second using v1.01-cache-2.11-cpan-c966e8aa7e8 )