Concierge-Auth

 view release on metacpan or  search on metacpan

examples/04-session-management.pl  view on Meta::CPAN

=over 4

=item 1. B<Creation> - User authenticates, session token generated

=item 2. B<Validation> - Each request validates session token

=item 3. B<Refresh> - Update last active time on valid requests

=item 4. B<Expiration> - Sessions expire after timeout period

=item 5. B<Destruction> - Explicit logout or cleanup

=back

=head2 Security Features

=over 4

=item * Cryptographically secure session tokens

=item * Session timeout for idle sessions  

=item * Validation on every request

=item * Clean session destruction

=item * No session data stored client-side

=back

=head2 Production Considerations

In a production system, consider:

=over 4

=item * Store sessions in database or cache (Redis/Memcached)

=item * Include IP address and User-Agent validation

=item * Implement session fixation protection

=item * Add CSRF token generation

=item * Log security events (login, logout, failures)

=item * Implement rate limiting for login attempts

=item * Support multiple concurrent sessions per user

=back

=head1 INTEGRATION EXAMPLE

    # Web framework integration
    use Concierge::Auth;
    
    my $auth = Concierge::Auth->new({file => '/secure/path/users.db'});
    my %sessions;  # In production: use database/cache
    
    # Login endpoint
    sub handle_login {
        my ($username, $password) = @_;
        
        my ($success, $token) = create_session($username, $password);
        if ($success) {
            # Set secure cookie
            set_cookie('session_token' => $token, {
                secure   => 1,
                httponly => 1,
                samesite => 'strict'
            });
            return success_response();
        }
        return error_response('Invalid credentials');
    }
    
    # Authentication middleware  
    sub authenticate_request {
        my $token = get_cookie('session_token');
        my $username = validate_session($token);
        
        return $username || unauthenticated_response();
    }

=head1 SEE ALSO

L<Concierge::Auth>, 05-api-keys.pl, 01-basic-authentication.pl

=cut



( run in 1.765 second using v1.01-cache-2.11-cpan-c966e8aa7e8 )