Plack::Middleware::Session::Cookie - Session middleware that saves session data
in the cookie
    enable 'Session::Cookie',
        session_key => 'my_session',
        expires     => 3600, # 1 hour
        secret      => 'top-secret';
This middleware component lets you use the cookie as both the session state
and the session store, with no server-side storage for session management. The
middleware sets up its own state and store objects automatically, so you
can't override them.
This middleware is a subclass of Plack::Middleware::Session and accepts most
of the parent class's configuration. In addition, the following options are
accepted.
- secret
  Server-side secret used to sign the session data with HMAC SHA1. Defaults
  to nothing (i.e. the data is not signed), but setting your own secret
  string is strongly recommended.

  Unless you use your own serializer/deserializer, running this middleware
  without setting a secret is vulnerable to arbitrary code execution. In a
  future release, setting the secret will be required.
- session_key, domain, expires, path, secure, httponly
  Accessors for the cookie attributes. See Plack::Session::State::Cookie for
  these options.
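
Why the secret matters, as an added example that is not code from this module: a cookie is client-controlled input, so the HMAC SHA1 signature has to be checked before the payload is decoded or deserialized. The cookie layout, the names seal, unseal and ct_eq, the secret value and the use of JSON as a data-only serializer are assumptions made for this sketch.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1_hex);
use MIME::Base64 qw(encode_base64 decode_base64);
use JSON::PP;

# Constructed demo value; a real secret is long, random and kept out of source control.
my $SECRET = 'constructed-demo-secret';
my $json   = JSON::PP->new->canonical;

# Hypothetical cookie layout for this example: "<base64 payload>:<hex HMAC SHA1>"
sub seal {
    my ($session) = @_;
    my $b64 = encode_base64($json->encode($session), '');
    return join ':', $b64, hmac_sha1_hex($b64, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the session hashref, or nothing if the cookie fails verification.
sub unseal {
    my ($cookie) = @_;
    my ($b64, $sig) = split /:/, ($cookie // ''), 2;
    return unless defined $b64 && defined $sig;
    # Verify the signature BEFORE any decoding or deserialization happens.
    return unless ct_eq($sig, hmac_sha1_hex($b64, $SECRET));
    return eval { $json->decode(decode_base64($b64)) };
}

# Constructed sample input: a genuine cookie, a tampered payload that reuses
# the genuine signature, and a payload with no signature at all.
my $cookie   = seal({ user => 'alice', role => 'user' });
my $old_sig  = (split /:/, $cookie)[1];
my $tampered = encode_base64($json->encode({ user => 'alice', role => 'admin' }), '')
             . ':' . $old_sig;

printf "valid cookie    -> %s\n", unseal($cookie)   ? 'accepted' : 'rejected';
printf "tampered cookie -> %s\n", unseal($tampered) ? 'accepted' : 'rejected';
printf "unsigned cookie -> %s\n", unseal('e30=')    ? 'accepted' : 'rejected';
```

Only the first cookie is accepted; the other two are rejected before their payload reaches the deserializer.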
Rack::Session::Cookie
<http://www.rubydoc.info/github/rack/rack/Rack/Session/Cookie>
Dancer::Session::Cookie