Provided by: libdancer-session-cookie-perl_0.27-1_all bug

NAME
       Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer


VERSION
       version 0.27


SYNOPSIS
       Your config.yml:

           session: "cookie"
           session_cookie_key: "this random key IS NOT very random"


DESCRIPTION
       This module implements a session engine for sessions stored entirely in cookies. Usually
       only session id is stored in cookies and the session data itself is saved in some external
       storage, e.g.  database. This module allows one to avoid using external storage at all.

       Since server cannot trust any data returned by client in cookies, this module uses
       cryptography to ensure integrity and also secrecy. The data your application stores in
       sessions is completely protected from both tampering and analysis on the client-side.

       Do be aware that browsers limit the size of individual cookies, so this method is not
       suitable if you wish to store a large amount of data.  Browsers typically limit the size
       of a cookie to 4KB, but that includes the space taken to store the cookie's name,
       expiration and other attributes as well as its content.


CONFIGURATION
       The setting session should be set to "cookie" in order to use this session engine in a
       Dancer application. See Dancer::Config.

       A mandatory setting is needed as well: session_cookie_key, which should contain a random
       string of at least 16 characters (shorter keys are not cryptographically strong using AES
       in CBC mode).

       The optional session_expires setting can also be passed, which will provide the duration
       time of the cookie. If it's not present, the cookie won't have an expiration value.

       Here is an example configuration to use in your config.yml:

           session: "cookie"
           session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"
           session_expires: 1 hour

       Compromising session_cookie_key will disclose session data to clients and proxies or
       eavesdroppers and will also allow tampering, for example session theft. So, your
       config.yml should be kept at least as secure as your database passwords or even more.

       Also, changing session_cookie_key will have an effect of immediate invalidation of all
       sessions issued with the old value of key.

       session_cookie_path can be used to control the path of the session cookie.  The default is
       /.

       The global session_secure setting is honoured and a secure (https only) cookie will be
       used if set.


DEPENDENCY
       This module depends on Session::Storage::Secure.  Legacy support is provided using
       Crypt::CBC, Crypt::Rijndael, String::CRC32, Storable and MIME::Base64.


SEE ALSO
       See Dancer::Session for details about session usage in route handlers.

       See Plack::Middleware::Session::Cookie, Catalyst::Plugin::CookiedSession, "session" in
       Mojolicious::Controller for alternative implementation of this mechanism.


AUTHORS
       •   Alex Kapranoff <kappa@cpan.org>

       •   Alex Sukria <sukria@cpan.org>

       •   David Golden <dagolden@cpan.org>

       •   Yanick Champoux <yanick@cpan.org>


COPYRIGHT AND LICENSE
       This software is copyright (c) 2015 by Alex Kapranoff.

       This is free software; you can redistribute it and/or modify it under the same terms as
       the Perl 5 programming language system itself.