plucky (3) Mojolicious::Sessions.3pm.gz

Provided by: libmojolicious-perl_9.39+dfsg-1_all bug

NAME

       Mojolicious::Sessions - Session manager based on signed cookies

SYNOPSIS

         use Mojolicious::Sessions;

         my $sessions = Mojolicious::Sessions->new;
         $sessions->cookie_name('myapp');
         $sessions->default_expiration(86400);

DESCRIPTION

       Mojolicious::Sessions manages sessions based on signed cookies for Mojolicious. All data gets serialized
       with Mojo::JSON and stored Base64 encoded on the client-side, but is protected from unwanted changes with
       a HMAC-SHA256 signature.

ATTRIBUTES

       Mojolicious::Sessions implements the following attributes.

   cookie_domain
         my $domain = $sessions->cookie_domain;
         $sessions  = $sessions->cookie_domain('.example.com');

       Domain for session cookies, not defined by default.

   cookie_name
         my $name  = $sessions->cookie_name;
         $sessions = $sessions->cookie_name('session');

       Name for session cookies, defaults to "mojolicious".

   cookie_path
         my $path  = $sessions->cookie_path;
         $sessions = $sessions->cookie_path('/foo');

       Path for session cookies, defaults to "/".

   default_expiration
         my $time  = $sessions->default_expiration;
         $sessions = $sessions->default_expiration(3600);

       Default time for sessions to expire in seconds from now, defaults to 3600. The expiration timeout gets
       refreshed for every request. Setting the value to 0 will allow sessions to persist until the browser
       window is closed, this can have security implications though. For more control you can also use the
       "expiration" and "expires" session values.

         # Expiration date in seconds from now (persists between requests)
         $c->session(expiration => 604800);

         # Expiration date as absolute epoch time (only valid for one request)
         $c->session(expires => time + 604800);

         # Delete whole session by setting an expiration date in the past
         $c->session(expires => 1);

   deserialize
         my $cb    = $sessions->deserialize;
         $sessions = $sessions->deserialize(sub ($bytes) {...});

       A callback used to deserialize sessions, defaults to "j" in Mojo::JSON.

         $sessions->deserialize(sub ($bytes) { return {} });

   encrypted
         my $bool  = $sessions->encrypted;
         $sessions = $sessions->encrypted($bool);

       Use encrypted session cookies instead of merely cryptographically signed ones. Note that this attribute
       is EXPERIMENTAL and might change without warning!

   samesite
         my $samesite = $sessions->samesite;
         $sessions    = $sessions->samesite('Strict');

       Set the SameSite value on all session cookies, defaults to "Lax". Note that this attribute is
       EXPERIMENTAL because even though most commonly used browsers support the feature, there is no
       specification yet besides this draft <https://tools.ietf.org/html/draft-west-first-party-cookies-07>.

         # Disable SameSite feature
         $sessions->samesite(undef);

   secure
         my $bool  = $sessions->secure;
         $sessions = $sessions->secure($bool);

       Set the secure flag on all session cookies, so that browsers send them only over HTTPS connections.

   serialize
         my $cb    = $sessions->serialize;
         $sessions = $sessions->serialize(sub ($hash) {...});

       A callback used to serialize sessions, defaults to "encode_json" in Mojo::JSON.

         $sessions->serialize(sub ($hash) { return '' });

METHODS

       Mojolicious::Sessions inherits all methods from Mojo::Base and implements the following new ones.

   load
         $sessions->load(Mojolicious::Controller->new);

       Load session data from signed cookie.

   store
         $sessions->store(Mojolicious::Controller->new);

       Store session data in signed cookie.

SEE ALSO

       Mojolicious, Mojolicious::Guides, <https://mojolicious.org>.