1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
NAME
Plack::Middleware::Session - Middleware for session management
SYNOPSIS
use Plack::Builder;
my $app = sub {
my $env = shift;
my $session = $env->{'psgix.session'};
return [
200,
[ 'Content-Type' => 'text/plain' ],
[ "Hello, you've been here for ", $session->{counter}++, "th time!" ],
];
};
builder {
enable 'Session';
$app;
};
# Or, use the File store backend (great if you use multiprocess server)
# For more options, see perldoc Plack::Session::Store::File
builder {
enable 'Session', store => 'File';
$app;
};
DESCRIPTION
This is a Plack Middleware component for session management. By default
it will use cookies to keep session state and store data in memory.
This distribution also comes with other state and store solutions. See
perldoc for these backends how to use them.
It should be noted that we store the current session as a hash
reference in the psgix.session key inside the $env where you can access
it as needed.
NOTE: As of version 0.04 the session is stored in psgix.session instead
of plack.session.
State
Plack::Session::State
This will maintain session state by passing the session through the
request params. It does not do this automatically though, you are
responsible for passing the session param.
Plack::Session::State::Cookie
This will maintain session state using browser cookies.
Store
Plack::Session::Store
This is your basic in-memory session data store. It is volatile
storage and not recommended for multiprocessing environments. However
it is very useful for development and testing.
Plack::Session::Store::File
This will persist session data in a file. By default it uses Storable
but it can be configured to have a custom serializer and
deserializer.
Plack::Session::Store::Cache
This will persist session data using the Cache interface.
Plack::Session::Store::Null
Sometimes you don't care about storing session data, in that case you
can use this noop module.
OPTIONS
The following are options that can be passed to this module.
state
This is expected to be an instance of Plack::Session::State or an
object that implements the same interface. If no option is provided
the default Plack::Session::State::Cookie will be used.
store
This is expected to be an instance of Plack::Session::Store or an
object that implements the same interface. If no option is provided
the default Plack::Session::Store will be used.
It should be noted that this default is an in-memory volatile store
is only suitable for development (or single process servers). For a
more robust solution see Plack::Session::Store::File or
Plack::Session::Store::Cache.
PLACK REQUEST OPTIONS
In addition to providing a psgix.session key in $env for persistent
session information, this module also provides a psgix.session.options
key which can be used to control the behavior of the module
per-request. The following sub-keys exist:
change_id
If set to a true value, forces the session identifier to change
(rotate). This should always be done after logging in, to prevent
session fixation attacks from subdomains; see
http://en.wikipedia.org/wiki/Session_fixation#Attacks_using_cross-sub
domain_cooking
expire
If set to a true value, expunges the session from the store, and
clears the state in the client.
no_store
If set to a true value, no changes made to the session in this
request will be saved to the store. Either "expire" and "change_id"
take precedence over this, as both need to update the session store.
late_store
If set to a true value, the session will be saved at the end of the
request, after all data has been sent to the client -- this may be
required if streaming responses attempt to alter the session after
the header has already been sent to the client. Note, however, that
it introduces a possible race condition, where the server attempts to
store the updated session before the client makes the next request.
For redirects, or other responses on which the client needs do
minimal processing before making a second request, this race is quite
possible to win -- causing the second request to obtain stale session
data.
id
This key contains the session identifier of the session. It should be
considered read-only; to generate a new identifier, use "change_id".
BUGS
All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug to
cpan-RT.
AUTHOR
Tatsuhiko Miyagawa
Stevan Little <stevan.little@iinteractive.com>
COPYRIGHT AND LICENSE
Copyright 2009, 2010 Infinity Interactive, Inc.
http://www.iinteractive.com
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
|
