NAME

HTTP::Session2 - Abstract base class for HTTP::Session2

DESCRIPTION

This is an abstract base class for HTTP::Session2.

Common Methods

my $session = HTTP::Session2::*->new(%args)

Create new instance.

hmac_function: CodeRef

This module uses HMAC to sign the session data. You can choice HMAC function for security enhancements and performance tuning.

Default: \&Digest::SHA::sha1_hex

session_cookie: HashRef

Options for session cookie. For more details, please look Cookie::Baker.

Default:

            

              
              
+{
    httponly => 1,
    secure   => 0,
    name     => 'hss_session',
    path     => '/',
},
            
          

xsrf_cookie: HashRef

HTTP::Session2 generates 2 cookies. One is for session, other is for XSRF token. This parameter configures parameters for XSRF token cookie. For more details, please look Cookie::Baker.

Default:

            

              
              
+{
    httponly => 0,
    secure   => 0,
    name     => 'XSRF-TOKEN',
    path     => '/',
},
            
          

Note: httponly flag should be false. Because this parameter should be readable from JavaScript. And it does not decrease security.

$session->get($key: Str)

Get a value from session.

$session->set($key: Str, $value:Any)

Set a value to session. This means you can set any Serializable data to the storage.

$session->remove($key: Str)

Remove the value from session.

$session->validate_xsrf_token($token: Str)

            

              
              
my $token = $req->header('X-XSRF-TOKEN') || $req->param('XSRF-TOKEN');
unless ($session->validate_xsrf_token($token)) {
    return Plack::Response->new(
        403,
        [],
        'Missing XSRF token'
    );
}
            
          

Validate XSRF token. If the XSRF token is valid, return true. False otherwise.

$session->xsrf_token()

Get a XSRF token in string.

$session->finalize_plack_response($res: Plack::Response)

Finalize cookie headers and inject it to Plack::Response instance.