dagolden / Dancer-Session-Cookie

Dancer session engine based on encrypted cookies

=pod

=encoding utf-8

=head1 NAME

Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer

=head1 VERSION

version 0.22

=head1 SYNOPSIS

Your Dancer configuration file:

    session: "cookie"
    session_cookie_key: "this random key IS NOT very random"

=head1 DESCRIPTION

This module implements a session engine for sessions stored entirely in cookies. Usually only the B<session ID> is stored in the cookie and the session data itself is saved in some external storage, e.g. a database. This module allows you to avoid using external storage at all.

Since the server cannot trust any data returned by the client in cookies, this module uses cryptography to ensure both integrity and secrecy. The data your application stores in sessions is completely protected from both tampering and analysis on the client side.

=head1 CONFIGURATION

The setting B<session> should be set to C<cookie> in order to use this session engine in a Dancer application. See L.

A mandatory setting is needed as well: B<session_cookie_key>, which should contain a random string of at least 16 characters (shorter keys are not cryptographically strong when using AES in CBC mode).

Here is an example configuration to use in your configuration file:

    session: "cookie"
    session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"

Compromising B<session_cookie_key> will disclose session data to clients, proxies or eavesdroppers and will also allow tampering, for example session theft. So your configuration file should be kept at least as secure as your database passwords, or even more so.

Also, changing B<session_cookie_key> will immediately invalidate all sessions issued with the old value of the key.
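To make concrete what the DESCRIPTION and CONFIGURATION sections mean by integrity, secrecy, the 16-character key minimum and key rotation invalidating old sessions, here is an added Python illustration. It is not the module's own code or cookie format: it assumes an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag in place of the module's AES-CBC construction, and a constructed sample session.

```python
import base64
import hashlib
import hmac
import json
import os

MIN_KEY_LEN = 16          # minimum length the docs require for session_cookie_key
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: str):
    # Derive independent encryption and MAC keys from the configured string
    # (assumed derivation, not the module's).
    raw = key.encode()
    return (hashlib.sha256(b"enc:" + raw).digest(),
            hashlib.sha256(b"mac:" + raw).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a simple PRF-based stream cipher.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal_session(data: dict, key: str, nonce: bytes = None) -> str:
    """Serialize, encrypt and authenticate the whole session into one cookie value."""
    if len(key) < MIN_KEY_LEN:
        raise ValueError("session key must be at least %d characters" % MIN_KEY_LEN)
    enc_key, mac_key = _subkeys(key)
    nonce = nonce or os.urandom(NONCE_LEN)
    plain = json.dumps(data, sort_keys=True).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()   # encrypt-then-MAC
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode()


def open_session(cookie: str, key: str):
    """Return the session dict, or None if the cookie was tampered with or sealed under another key."""
    try:
        blob = base64.urlsafe_b64decode(cookie)
    except ValueError:
        return None
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, cipher, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time check before decrypting
        return None
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)
```

Flipping any character of the cookie, or rotating the key, makes open_session return None, which is the behaviour the module documents for tampered cookies and for sessions issued under an old key.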

B can be used to control the path of the session cookie. The default is /.

The global B setting is honoured and a secure (https only) cookie will be used if set.

=head1 DEPENDENCY

This module depends on L. Legacy support is provided using L, L, L, L and L.

=head1 SEE ALSO

See L for details about session usage in route handlers.

See L, L, L<Mojolicious::Controller/session> for alternative implementations of this mechanism.

=for :stopwords cpan testmatrix url annocpan anno bugtracker rt cpants kwalitee diff irc mailto metadata placeholders metacpan

=head1 SUPPORT

=head2 Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at L<https://github.com/dagolden/dancer-session-cookie/issues>. You will be notified automatically of any progress on your issue.

=head2 Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

L<https://github.com/dagolden/dancer-session-cookie>

    git clone git://github.com/dagolden/dancer-session-cookie.git

=head1 AUTHORS

=over 4

=item *

Alex Kapranoff kappa@cpan.org

=item *

Alex Sukria sukria@cpan.org

=item *

David Golden dagolden@cpan.org

=back

=head1 CONTRIBUTORS

=over 4

=item *

Michael G. Schwern schwern@pobox.com

=item *

Neil Kirsopp neil@broadbean.com

=item *

Nick S. Knutov nick@knutov.com

=back

=head1 COPYRIGHT AND LICENSE

This software is copyright (c) 2013 by Alex Kapranoff.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.