/ 
Dancer-1.3522
⭐ Starred 738 / Dancer::Route::Cache
Security Advisories (1)
CVE-2026-5080 (2026-04-30)

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

NAME

Dancer::Route::Cache - route caching mechanism for Dancer

VERSION

version 1.3522

SYNOPSIS

my $cache = Dancer::Route::Cache->new(
    path_limit => 300, # optional, defaults to 600 (routes to cache)
    size_limit => 5M,  # optional, defaults to 10M (10MB)
);

# storing a path
# /new/item/ is the path, $route is a compiled route
$cache->store_path( 'get', '/new/item/', $route );
my $cached_route = $cache->route_from_path('/new/item/');

DESCRIPTION

When Dancer first starts, it has to compile a regexp list of all the routes. Then, on each request it goes over the compiled routes list and tries to compare the requested path to a route.

A major drawback is that Dancer has to go over the matching on every request, which (especially on CGI-based applications) can be very time consuming.

The caching mechanism allows one to cache some requests to specific routes (but NOT specific results) and run those routes on a specific path. This allows us to speed up Dancer quite a lot.

METHODS/SUBROUTINES

new(@args)

Creates a new route cache object.

my $cache = Dancer::Route::Cache->new(
    path_limit => 100,   # only 100 paths will be cached
    size_limit => '30M', # max size for cache is 30MB
);

Please check the ATTRIBUTES section below to learn about the arguments for new().

route_from_path($path)

Fetches the route from the path in the cache.

store_path( $method, $path => $route )

Stores the route in the cache according to the path and $method.

For developers: the reason we're using an object for this and not directly using the registry hash is because we need to enforce the limits.

parse_size($size)

Parses the size wanted to bytes. It can handle Kilobytes, Megabytes or Gigabytes.

NOTICE: handles bytes, not bits!

my $bytes = $cache->parse_size('30M');

# doesn't need an existing object
$bytes = Dancer::Route::Cache->parse_size('300G'); # works this way too

route_cache_size

Returns a rough calculation the size of the cache. This is used to enforce the size limit.

route_cache_paths

Returns all the paths in the cache. This is used to enforce the path limit. Please be careful if you use "mount" in Plack::Builder and some applications - routes are linked with applications and same path may be in some applications but with different handlers!

ATTRIBUTES

size_limit($limit)

Allows one to set a size limit of the cache.

Returns the limit (post-set).

$cache->size_limit('10K');      # sets limit
my $limit = $cache->size_limit; # gets limit

path_limit($limit)

A path limit. That is, the amount of paths that whose routes will be cached.

Returns the limit (post-set).

$cache->path_limit('100');      # sets limit
my $limit = $cache->path_limit; # gets limit

AUTHOR

Dancer Core Developers

COPYRIGHT AND LICENSE

This software is copyright (c) 2010 by Alexis Sukrieh.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.