NAME

HTTP::Session - (DEPRECATED) simple session

SYNOPSIS

use HTTP::Session;

my $session = HTTP::Session->new(
    store   => HTTP::Session::Store::Memcached->new(
        memd => Cache::Memcached->new({
            servers => ['127.0.0.1:11211'],
        }),
    ),
    state   => HTTP::Session::State::Cookie->new(
        name => 'foo_sid'
    ),
    request => $c->req,
);

DESCRIPTION

This module is deprecated. Use Plack::Middleware::Session instead.

Yet another session manager.

easy to integrate with PSGI =)

METHODS

my $session = HTTP::Session->new(store => $store, state => $state, request => $req)

This method creates new instance of HTTP::Session.

store is instance of HTTP::Session::Store::*.

state is instance of HTTP::Session::State::*.

request is duck typed object.request object should have header, address, param. You can use PSGI's $env instead.

id selects the session-ID generator class (default: HTTP::Session::ID::Urandom, which draws from Crypt::URandom). The HTTP::Session::ID::MD5 and HTTP::Session::ID::SHA1 backends are also supported; as of CVE-2026-3256 they hash cryptographically secure random bytes (from Crypt::URandom) instead of their former predictable time/PID/rand() input, while keeping their hexadecimal output. Each backend has its own session-ID alphabet: Urandom uses URL-safe Base64 ([A-Za-z0-9_-]), while MD5 and SHA1 use lowercase hexadecimal ([0-9a-f]).

sid_length defaults to 32, which yields at least 128 bits of entropy with any backend (192 bits with Urandom). Lowering it is supported, but reduces the entropy of the session ID proportionally; values around 22 or below drop under the 128-bit level generally recommended for session identifiers.

$session->html_filter($html)

filtering HTML

$session->redirect_filter($url)

filtering redirect URL

$session->header_filter($res)

filtering header

$session->response_filter($res)

filtering response. this method runs html_filter, redirect_filter and header_filter.

$res should be PSGI's response array, instance of HTTP::Response, or HTTP::Engine::Response.

$session->keys()

keys of session.

$session->get(key)

get session item

$session->set(key, val)

set session item

$session->remove(key)

remove item.

$session->as_hashref()

session as hashref.

$session->expire()

expire the session

$session->regenerate_session_id([$delete_old])

regenerate session id.remove old one when $delete_old is true value.

$session->finalize()

commit the session data.

CLEANUP SESSION

Some storage doesn't care the old session data.Please call $store->cleanup( $min ); manually.

AUTHOR

Tokuhiro Matsuno <tokuhirom AAJKLFJEF GMAIL COM>

THANKS TO

kazuhooku
amachang
walf443
yappo
nekokak

REPOSITORY

I use github. repo url is here http://github.com/tokuhirom/http-session/tree/master

SEE ALSO

Catalyst::Plugin::Session, Sledge::Session

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.