.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.TH Dancer::Session::Cookie 3pm "2014-08-13" "perl v5.18.2" "User Contributed Perl Documentation"
.if n .ad l
.nh
.SH "NAME"
Dancer::Session::Cookie \- Encrypted cookie\-based session backend for Dancer
.SH "VERSION"
version 0.25
.SH "SYNOPSIS"
Your \fIconfig.yml\fR:
.PP
.nf
\&    session: "cookie"
\&    session_cookie_key: "this random key IS NOT very random"
.fi
.SH "DESCRIPTION"
This module implements a session engine for sessions stored entirely in cookies. Usually only the \fBsession id\fR is stored in a cookie and the session data itself is saved in some external storage, e.g. a database. This module allows one to avoid using external storage at all.
.PP
Since the server cannot trust any data returned by the client in cookies, this module uses cryptography to ensure integrity and also secrecy. The data your application stores in sessions is completely protected from both tampering and analysis on the client side.
.SH "CONFIGURATION"
The setting \fBsession\fR should be set to \f(CWcookie\fR in order to use this session engine in a Dancer application. See Dancer::Config.
.PP
A second setting is mandatory: \fBsession_cookie_key\fR, which should contain a random string of at least 16 characters (shorter keys are not cryptographically strong using AES in CBC mode).
.PP
Here is an example configuration to use in your \fIconfig.yml\fR:
.PP
.nf
\&    session: "cookie"
\&    session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"
.fi
.PP
A compromised \fBsession_cookie_key\fR discloses session data to clients, proxies and eavesdroppers, and also allows tampering, for example session theft. Your \fIconfig.yml\fR should therefore be kept at least as secure as your database passwords, if not more so.
.PP
Changing \fBsession_cookie_key\fR immediately invalidates all sessions issued with the old value of the key.
.PP
\&\fBsession_cookie_path\fR can be used to control the path of the session cookie. The default is /.
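.PP
Added example, not part of Dancer::Session::Cookie or its documentation: a small Perl linter for the session settings named in this section, plus a key generator that reads the kernel CSPRNG. The function names, the flat "key: value" parsing and the Perl-truth test for session_secure are assumptions of this example.

```perl
use strict;
use warnings;

# Sample keys printed in this documentation; they are public, so never deploy them.
my %documented = map { $_ => 1 } (
    'this random key IS NOT very random',
    'kjsdf07234hjf0sdkflj12*&(@*jk',
);

# Assumption: the settings of interest are flat, top-level "key: value" lines.
sub parse_flat_yaml {
    my ($text) = @_;
    my %cfg;
    for my $line (split /\n/, $text) {
        next unless $line =~ /^(\w+):\s*(.*?)\s*$/;
        my ($k, $v) = ($1, $2);
        $v =~ s/^(["'])(.*)\1$/$2/;    # strip one pair of matching quotes
        $cfg{$k} = $v;
    }
    return \%cfg;
}

sub lint_session_config {
    my ($cfg) = @_;
    my $key = $cfg->{session_cookie_key} // '';
    my @f;
    push @f, 'session is not set to "cookie"' if ($cfg->{session} // '') ne 'cookie';
    push @f, 'session_cookie_key is missing (mandatory)' if $key eq '';
    push @f, 'session_cookie_key is shorter than 16 characters'
        if $key ne '' && length($key) < 16;
    push @f, 'session_cookie_key is a sample value from the documentation'
        if $documented{$key};
    # Assumption: the setting is tested for Perl truth, so unset, "" and "0" mean off.
    push @f, 'session_secure is off; the cookie is not restricted to https'
        unless $cfg->{session_secure};
    return @f;
}

# Hex-encode random bytes so the key needs no special YAML quoting.
sub generate_key {
    my ($bytes) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, $bytes);
    die "short read from /dev/urandom" unless defined $n && $n == $bytes;
    return unpack 'H*', $buf;
}

# Constructed sample input: the example configuration shown on this page.
my $sample = join "\n", 'session: "cookie"',
    'session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"', '';
print "finding: $_\n" for lint_session_config(parse_flat_yaml($sample));
printf "session_cookie_key: \"%s\"\n", generate_key(32);
```

Because changing the key invalidates every session issued under the old one, schedule a key replacement accordingly.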
.PP
The global \fBsession_secure\fR setting is honoured and a secure (https only) cookie will be used if set.
.SH "DEPENDENCY"
This module depends on Session::Storage::Secure. Legacy support is provided using Crypt::CBC, Crypt::Rijndael, String::CRC32, Storable and MIME::Base64.
.SH "SEE ALSO"
See Dancer::Session for details about session usage in route handlers.
.PP
See Plack::Middleware::Session::Cookie, Catalyst::Plugin::CookiedSession and "session" in Mojolicious::Controller for alternative implementations of this mechanism.
.SH "AUTHORS"
.IP "\(bu" 4
Alex Kapranoff
.IP "\(bu" 4
Alex Sukria
.IP "\(bu" 4
David Golden
.IP "\(bu" 4
Yanick Champoux
.SH "COPYRIGHT AND LICENSE"
This software is copyright (c) 2014 by Alex Kapranoff.
.PP
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.