NAME

HTTP::Session2 - Abstract base class for HTTP::Session2

DESCRIPTION

This is an abstract base class for HTTP::Session2.

Common Methods

"my $session = HTTP::Session2::*->new(%args)": Create new instance.

hmac_function: CodeRef

This module uses HMAC to sign the session data. You can choice HMAC function for security enhancements and performance tuning.

Default: "\&Digest::SHA::sha1_hex"

session_cookie: HashRef

Options for session cookie. For more details, please look Cookie::Baker.

Default:

        +{
            httponly => 1,
            secure   => 0,
            name     => 'hss_session',
            path     => '/',
        },

xsrf_cookie: HashRef

HTTP::Session2 generates 2 cookies. One is for session, other is for XSRF token. This parameter configures parameters for XSRF token cookie. For more details, please look Cookie::Baker.

Default:

        +{
            httponly => 0,
            secure   => 0,
            name     => 'XSRF-TOKEN',
            path     => '/',
        },

Note: "httponly" flag should be false. Because this parameter should be readable from JavaScript. And it does not decrease security.

"$session->get($key: Str)"

Get a value from session.

"$session->set($key: Str, $value:Any)"

Set a value to session. This means you can set any Serializable data to the storage.

"$session->remove($key: Str)"

Remove the value from session.

"$session->validate_xsrf_token($token: Str)"

    my $token = $req->header('X-XSRF-TOKEN') || $req->param('XSRF-TOKEN');
    unless ($session->validate_xsrf_token($token)) {
        return Plack::Response->new(
            403,
            [],
            'Missing XSRF token'
        );
    }

Validate XSRF token. If the XSRF token is valid, return true. False otherwise.

"$session->xsrf_token()"

Get a XSRF token in string.

"$session->finalize_plack_response($res: Plack::Response)"

Finalize cookie headers and inject it to Plack::Response instance.