The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.

NAME

Dancer2::Session::Cookie - Dancer 2 session storage in secure cookies

VERSION

version 0.008

SYNOPSIS

# In Dancer 2 config.yml file

session: Cookie
engines:
  session:
    Cookie:
      secret_key:           your secret passphrase
      default_duration:     604800
      with_request_address: 0

DESCRIPTION

This module implements a session factory for Dancer 2 that stores session state within a browser cookie. Features include:

See Session::Storage::Secure for implementation details and important security caveats.

ATTRIBUTES

secret_key (required)

This is used to secure the cookies. Encryption keys and message authentication keys are derived from this using one-way functions. Changing it will invalidate all sessions.

default_duration

Number of seconds for which the session may be considered valid. If cookie_duration is not set as part of the session configuration, this is used instead to expire the session after a period of time, regardless of the length of the browser session. It is unset by default, meaning that sessions expiration is not capped.

with_request_address

If set to true, the secret key will have the request address (as provided by <$request-address>>) appended to it. This can help defeat some replay attacks (e.g. if the channel is not secure). But it will also cause session interruption for people on dynamic addresses.

SEE ALSO

CPAN modules providing cookie session storage (possibly for other frameworks):

AUTHOR

David Golden dagolden@cpan.org

COPYRIGHT AND LICENSE

This software is Copyright (c) 2013 by David Golden.

This is free software, licensed under:

The Apache License, Version 2.0, January 2004