table of contents
Plack::Middleware::Session::Cookie(3pm) | User Contributed Perl Documentation | Plack::Middleware::Session::Cookie(3pm) |
NAME¶
Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
SYNOPSIS¶
enable 'Session::Cookie', session_key => 'my_session', expires => 3600, # 1 hour secret => 'top-secret' ;
DESCRIPTION¶
This middleware component allows you to use the cookie as a sole cookie state and store, without any server side storage to do the session management. This middleware utilizes its own state and store automatically for you, so you can't override the objects.
CONFIGURATIONS¶
This middleware is a subclass of Plack::Middleware::Session and accepts most configuration of the parent class. In addition, following options are accepted.
- secret
- Server side secret to sign the session data using HMAC SHA1. Defaults to
nothing (i.e. do not sign) but strongly recommended to set your own
secret string.
Unless you use your own serializer/deserializer, running this middleware without setting a secret is vulnerable to arbitrary code execution. In the future release it will be required to set the secret.
- session_key, domain, expires, path, secure, httponly, samesite
- Accessors for the cookie attributes. See Plack::Session::State::Cookie for these options.
AUTHOR¶
Tatsuhiko Miyagawa
SEE ALSO¶
Rack::Session::Cookie <http://www.rubydoc.info/github/rack/rack/Rack/Session/Cookie> Dancer::Session::Cookie
2024-09-28 | perl v5.38.2 |