dagolden / Dancer-Session-Cookie

Dancer session engine based on encrypted cookies

Expiry not handled correctly #2

Closed chrisotherwise closed 11 years ago

chrisotherwise commented 11 years ago

Line 148 of Cookie.pm passes a value for $expires to an instance of Session::Storage::Secure ($STORE), thus:


sub _cookie_value {
    my ($self, $expires) = @_;
    # copy self guts so we aren't serializing a blessed object
    return $STORE->encode({ %$self }, $expires);
}

But that instance expects an absolute expiry time (seconds since epoch) in that parameter whereas you are passing an expiry time in seconds.

This causes the session encryption/decryption to fail consistently every time if any expiry has been defined in Dancer's config.yml.

This can be fixed by changing line 148 to:

 return $STORE->encode({ %$self });

... in which case the (same) expiry that was used when you instantiated the $STORE will be used correctly.

dagolden commented 11 years ago

Thanks for the report. I'll take a look.

David

dagolden commented 11 years ago

The fix was a little more extensive, but you put me on the right track. In the end, I had to also parse for the "1 hour" format for session_expires. I also wrote some actual tests for session_expires, which hadn't existed before.

Released to CPAN as 0.19
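
The unit mismatch reported in this issue, reproduced as an added example (not code from this thread or from the module): it calls Session::Storage::Secure directly, with the relative and the absolute value in turn. The secret, the session data and the `verdict` and `encode_checked` helpers are constructed for illustration, and the module is assumed to be installed from CPAN.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Carp qw(croak);
use Session::Storage::Secure;

# Constructed demo values; a real deployment uses a long random secret.
my $DURATION = 3600;    # relative lifetime in seconds, as a config would state it
my $store    = Session::Storage::Secure->new(
    secret_key       => 'constructed-demo-secret',
    default_duration => $DURATION,
);
my %session = ( user => 'alice' );

# decode() returns undef for a cookie that is expired or fails its integrity check.
sub verdict { defined $store->decode( $_[0] ) ? 'accepted' : 'rejected' }

# Hypothetical guard: refuse to issue a cookie whose absolute expiry is not in
# the future, which is what a relative value mistaken for an epoch time looks like.
sub encode_checked {
    my ( $data, $expires_at ) = @_;
    croak "expiry $expires_at is not a future epoch time"
      if defined $expires_at && $expires_at <= time;
    return $store->encode( $data, $expires_at );
}

# 1. The reported mismatch: 3600 is read as an epoch time in January 1970.
printf "relative seconds as expiry: %s\n",
  verdict( $store->encode( {%session}, $DURATION ) );

# 2. Absolute expiry computed from the same duration.
printf "time + duration as expiry:  %s\n",
  verdict( $store->encode( {%session}, time + $DURATION ) );

# 3. No expiry argument: the store applies its own default_duration.
printf "default_duration:           %s\n",
  verdict( $store->encode( {%session} ) );

# 4. The guard turns the silent failure of case 1 into an error at issue time.
my $issued = eval { encode_checked( {%session}, $DURATION ); 1 };
printf "guard on relative value:    %s\n", $issued ? 'issued' : 'refused';
```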