This is used to secure the cookies. Encryption keys and message
authentication keys are derived from this using one-way functions.
Changing it will invalidate all sessions.
Number of seconds for which the session may be considered valid. If
cookie_duration is not set, this is used instead to expire the session
after a period of time, regardless of the length of the browser
session. It is unset by default, meaning that sessions expiration is
not capped.
SYNOPSIS
# In Dancer 2 config.yml file
session: Cookie
engines:
session:
Cookie:
secret_key: your secret passphrase
default_duration: 604800
DESCRIPTION
This module implements a session factory for Dancer 2 that stores
session state within a browser cookie. Features include:
* Data serialization and compression using Sereal
* Data encryption using AES with a unique derived key per cookie
* Enforced expiration timestamp (independent of cookie expiration)
* Cookie integrity protected with a message authentication code (MAC)
See Session::Storage::Secure for implementation details and important
security caveats.
SEE ALSO
CPAN modules providing cookie session storage (possibly for other
frameworks):
* Dancer::Session::Cookie -- Dancer 1 equivalent to this module
* Catalyst::Plugin::CookiedSession -- encryption only
* HTTP::CryptoCookie -- encryption only
* Mojolicious::Sessions -- MAC only
* Plack::Middleware::Session::Cookie -- MAC only
* Plack::Middleware::Session::SerializedCookie -- really just a
framework and you provide the guts with callbacks
* Dancer2::Core::Role::SessionFactory -- documentation of the base
package, some more attributes to configure the cookie
POD ERRORS
Hey! The above document had some coding errors, which are explained
below:
Around line 1:
Unknown directive: =attr
Around line 7:
Unknown directive: =attr