MATSUNO★Tokuhiro > HTTP-Session2-0.04 > HTTP::Session2::Base



Annotate this POD


View/Report Bugs
Source   Latest Release: HTTP-Session2-0.05


HTTP::Session2 - Abstract base class for HTTP::Session2


This is an abstract base class for HTTP::Session2.

Common Methods ^

my $session = HTTP::Session2::*->new(%args)

Create new instance.

hmac_function: CodeRef

This module uses HMAC to sign the session data. You can choice HMAC function for security enhancements and performance tuning.

Default: \&Digest::SHA::sha1_hex

session_cookie: HashRef

Options for session cookie. For more details, please look Cookie::Baker.


            httponly => 1,
            secure   => 0,
            name     => 'hss_session',
            path     => '/',
xsrf_cookie: HashRef

HTTP::Session2 generates 2 cookies. One is for session, other is for XSRF token. This parameter configures parameters for XSRF token cookie. For more details, please look Cookie::Baker.


            httponly => 0,
            secure   => 0,
            name     => 'XSRF-TOKEN',
            path     => '/',

Note: httponly flag should be false. Because this parameter should be readable from JavaScript. And it does not decrease security.

$session->get($key: Str)

Get a value from session.

$session->set($key: Str, $value:Any)

Set a value to session. This means you can set any Serializable data to the storage.

$session->remove($key: Str)

Remove the value from session.

$session->validate_xsrf_token($token: Str)
    my $token = $req->header('X-XSRF-TOKEN') || $req->param('XSRF-TOKEN');
    unless ($session->validate_xsrf_token($token)) {
        return Plack::Response->new(
            'Missing XSRF token'

Validate XSRF token. If the XSRF token is valid, return true. False otherwise.


Get a XSRF token in string.

$session->finalize_plack_response($res: Plack::Response)

Finalize cookie headers and inject it to Plack::Response instance.

syntax highlighting: