debian man page for dancer::session::cookie

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: dancer::session::cookie

OS: debian

Section: 3pm

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

Dancer::Session::Cookie(3pm)				User Contributed Perl Documentation			      Dancer::Session::Cookie(3pm)


NAME

       Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer


SYNOPSIS

       Your config.yml:

	   session: "cookie"
	   session_cookie_key: "this random key IS NOT very random"


DESCRIPTION

       This module implements a session engine for sessions stored entirely in cookies. Usually only session id is stored in cookies and the
       session data itself is saved in some external storage, e.g.  database. This module allows one to avoid using external storage at all.

       Since server cannot trust any data returned by client in cookies, this module uses cryptography to ensure integrity and also secrecy. The
       data your application stores in sessions is completely protected from both tampering and analysis on the client-side.


CONFIGURATION

       The setting session should be set to "cookie" in order to use this session engine in a Dancer application. See Dancer::Config.

       A mandatory setting is needed as well: session_cookie_key, which should contain a random string of at least 16 characters (shorter keys are
       not cryptographically strong using AES in CBC mode).

       Here is an example configuration to use in your config.yml:

	   session: "cookie"
	   session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"

       Compromising session_cookie_key will disclose session data to clients and proxies or eavesdroppers and will also allow tampering, for
       example session theft. So, your config.yml should be kept at least as secure as your database passwords or even more.

       Also, changing session_cookie_key will have an effect of immediate invalidation of all sessions issued with the old value of key.

       session_cookie_path can be used to control the path of the session cookie.  The default is /.

       The global session_secure setting is honoured and a secure (https only) cookie will be used if set.


DEPENDENCY

       This module depends on Crypt::CBC, Crypt::Rijndael, String::CRC32, Storable and MIME::Base64.


AUTHOR

       This module has been written by Alex Kapranoff.


SEE ALSO

       See Dancer::Session for details about session usage in route handlers.

       See Plack::Middleware::Session::Cookie, Catalyst::Plugin::CookiedSession, "session" in Mojolicious::Controller for alternative
       implementation of this mechanism.


COPYRIGHT

       This module is copyright (c) 2009-2010 Alex Kapranoff <kappa@cpan.org>.


LICENSE

       This module is free software and is released under the same terms as Perl itself.

perl v5.14.2							    2011-12-20					      Dancer::Session::Cookie(3pm)
Related Man Pages
catalyst::plugin::session::state::cookie(3pm) - debian
dancer::cookie(3pm) - debian
dancer::cookies(3pm) - debian
dancer::plugin::flashmessage(3pm) - debian
dancer::session::abstract(3pm) - debian
Similar Topics in the Unix Linux Community
idcheck: 2.0.15 released.
Cookie authenticationn
Cookie to Turn on and Off Site Animations