The setting <B>sessionB> should be set to cookie in order to use this session
engine in a Dancer application. See Dancer::Config.
A mandatory setting is needed as well: <B>session_cookie_keyB>, which should
contain a random string of at least 16 characters (shorter keys are
not cryptographically strong using AES in CBC mode).
Here is an example configuration to use in your config.yml:
Compromising <B>session_cookie_keyB> will disclose session data to
clients and proxies or eavesdroppers and will also allow tampering,
for example session theft. So, your config.yml should be kept at
least as secure as your database passwords or even more.
Also, changing <B>session_cookie_keyB> will have an effect of immediate
invalidation of all sessions issued with the old value of key.
<B>session_cookie_pathB> can be used to control the path of the session
cookie. The default is /.
The global <B>session_secureB> setting is honoured and a secure (https
only) cookie will be used if set.