Manual Reference Pages  -  DANCER::SESSION::COOKIE (3)

NAME

Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer

VERSION

version 0.25

SYNOPSIS

Your config.yml:



    session: "cookie"
    session_cookie_key: "this random key IS NOT very random"



DESCRIPTION

This module implements a session engine for sessions stored entirely in cookies. Usually only the session id is stored in cookies and the session data itself is saved in some external storage, e.g. a database. This module makes it possible to avoid external storage entirely.

Since the server cannot trust any data returned by the client in cookies, this module uses cryptography to ensure integrity and also secrecy. The data your application stores in sessions is completely protected from both tampering and analysis on the client side.

CONFIGURATION

The setting session should be set to cookie in order to use this session engine in a Dancer application. See Dancer::Config.

A mandatory setting is needed as well: session_cookie_key, which should contain a random string of at least 16 characters (shorter keys are not cryptographically strong using AES in CBC mode).

Here is an example configuration to use in your config.yml:



    session: "cookie"
    session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"



Compromising session_cookie_key will disclose session data to clients and proxies or eavesdroppers and will also allow tampering, for example session theft. So your config.yml should be kept at least as secure as your database passwords, or even more so.

Also, changing session_cookie_key immediately invalidates all sessions issued with the old value of the key.

session_cookie_path can be used to control the path of the session cookie. The default is /.

The global session_secure setting is honoured and a secure (https only) cookie will be used if set.
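
The settings above lend themselves to a pre-deployment check. The following is an added example, not part of Dancer::Session::Cookie or its documentation: it flags a config.yml whose session_cookie_key is missing, too short, or copied from this page, and reports when session_secure is not set. The function names, the line-based reader (flat top-level settings only) and the sample input are assumptions made for the example.

```python
import re
import secrets

# Both keys are printed in this manual page, so they are public knowledge.
DOCUMENTED_KEYS = {
    "this random key IS NOT very random",
    "kjsdf07234hjf0sdkflj12*&(@*jk",
}
MIN_KEY_CHARS = 16  # minimum length given under CONFIGURATION


def read_settings(text):
    """Collect flat top-level `name: value` pairs; not a full YAML parser."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]\w*):\s*(.*?)\s*$", line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]  # drop surrounding quotes
            settings[m.group(1)] = value
    return settings


def audit(text):
    """Return a list of findings for a config.yml that uses the cookie engine."""
    s = read_settings(text)
    if s.get("session") != "cookie":
        return []  # another session engine is configured; nothing to check
    findings = []
    key = s.get("session_cookie_key", "")
    if not key:
        findings.append("session_cookie_key is mandatory but missing")
    elif key in DOCUMENTED_KEYS:
        findings.append("session_cookie_key is an example copied from the documentation")
    elif len(key) < MIN_KEY_CHARS:
        findings.append("session_cookie_key is shorter than 16 characters")
    # Assumption: a missing, empty or "0" value means the flag is not set.
    if s.get("session_secure", "0") in ("", "0"):
        findings.append("session_secure is not set, so the cookie is not https only")
    return findings


def new_key():
    """Generate a replacement key from the OS CSPRNG (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)


# Constructed sample input: the SYNOPSIS configuration, used as deployed.
SAMPLE = 'session: "cookie"\nsession_cookie_key: "this random key IS NOT very random"\n'
```

Replacing a flagged key with the output of new_key() invalidates every session issued under the old key, as described above.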

DEPENDENCY

This module depends on Session::Storage::Secure. Legacy support is provided using Crypt::CBC, Crypt::Rijndael, String::CRC32, Storable and MIME::Base64.

SEE ALSO

See Dancer::Session for details about session usage in route handlers.

See Plack::Middleware::Session::Cookie, Catalyst::Plugin::CookiedSession, and session in Mojolicious::Controller for alternative implementations of this mechanism.

AUTHORS

o Alex Kapranoff <kappa@cpan.org>
o Alex Sukria <sukria@cpan.org>
o David Golden <dagolden@cpan.org>
o Yanick Champoux <yanick@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2014 by Alex Kapranoff.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.


perl v5.20.3 DANCER::SESSION::COOKIE (3) 2016-04-04
