view release on metacpan or  search on metacpan

lib/Dancer2/Session/Cookie.pm  view on Meta::CPAN

=back

See L<Session::Storage::Secure> for implementation details and important
security caveats.

=head1 ATTRIBUTES

=head2 secret_key (required)

This is used to secure the cookies.  Encryption keys and message authentication
keys are derived from this using one-way functions.  Changing it will
invalidate all sessions.

=head2 default_duration

Number of seconds for which the session may be considered valid.  If
C<cookie_duration> is not set as part of the session configuration,
this is used instead to expire the session after
a period of time, regardless of the length of the browser session.  It is
unset by default, meaning that sessions expiration is not capped.

=head2 with_request_address

If set to C<true>, the secret key will have the request address
(as provided by C<<$request->address>>)
appended to it. This can help defeat some replay attacks 
(e.g. if the channel is not secure).
But it will also cause session interruption for people on dynamic addresses.

=for Pod::Coverage method_names_here
generate_id

=head1 SEE ALSO

CPAN modules providing cookie session storage (possibly for other frameworks):

=over

=item * 

L<Dancer::Session::Cookie> -- Dancer 1 equivalent to this module

=item * 

L<Catalyst::Plugin::CookiedSession> -- encryption only

=item * 

L<HTTP::CryptoCookie> -- encryption only

=item * 

L<Mojolicious::Sessions> -- MAC only

=item * 

L<Plack::Middleware::Session::Cookie> -- MAC only

=item * 

L<Plack::Middleware::Session::SerializedCookie> -- really just a framework and you provide the guts with callbacks

=item *

L<Dancer2::Core::Role::SessionFactory> -- documentation of the base package, some more attributes to configure the cookie

=back

=head1 AUTHOR

David Golden <dagolden@cpan.org>

=head1 COPYRIGHT AND LICENSE

This software is Copyright (c) 2018, 2016, 2014 by David Golden.

This is free software, licensed under:

  The Apache License, Version 2.0, January 2004

=cut