Dancer-Plugin-SecureSessionID
view release on metacpan - search on metacpan
view release on metacpan or search on metacpan
lib/Dancer/Plugin/SecureSessionID.pm view on Meta::CPAN
package Dancer::Plugin::SecureSessionID;
use Modern::Perl;
use Carp 'croak';
use Dancer ':syntax';
use Dancer::Plugin;
use Dancer::Session::Abstract ();
use Crypt::OpenSSL::Random ();
use MIME::Base64 ();
=head1 NAME
Dancer::Plugin::SecureSessionID - A secure replacement of Dancer's built-in session id generator
=head1 VERSION
Version 0.02
=cut
our $VERSION = '0.02';
=head1 SYNOPSIS
use Dancer::Plugin::SecureSessionID;
use_secure_session_id;
=head1 DESCRIPTION
This plugin overrides the C<build_id()> method in L<Dancer::Session::Abstract|Dancer::Session::Abstract> and make use of L<Crypt::OpenSSL::Random|Crypt::OpenSSL::Random> to get really secure random session ids.
=head1 METHODS
=head2 C<< use_secure_session_id([ %options ]) >>
In a previous version of the module, the options ware passed into C<Crypt::Random::makerandom_octet(...)>. For compatibility reasons, the option-keys Strength, Length and Skip are still valid. B<Other option-keys are no longer supported>.
The defaults are Strength=1 and Length=16. These options can be set with plugin settings, too.
use_secure_session_id(Length => 20, Uniform => 1, Skip => 512);
same as:
plugins:
SecureSessionID:
Length: 20
Uniform: 1
Skip: 512
The result is encoded with C<base64url()>. A length of 16 random bytes results in 22 characters.
=cut
register use_secure_session_id => sub {
my %options = (
Length => 16,
Strength => 1,
%{ plugin_setting || {} },
@_
);
warn "option 'Uniform' is deprecated" if $options{Uniform};
view all matches for this distributionview release on metacpan - search on metacpan
( run in 1.388 second using v1.00-cache-2.02-grep-82fe00e-cpan-2c419f77a38b )