/ 
Mojolicious-9.42
River stage four • 1086 direct dependents • 1231 total dependents
⭐ Starred 2674 GitHub stars
/ Mojo::Transaction
Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Transaction - Transaction base class

SYNOPSIS

package Mojo::Transaction::MyTransaction;
use Mojo::Base 'Mojo::Transaction';

sub client_read  {...}
sub client_write {...}
sub server_read  {...}
sub server_write {...}

DESCRIPTION

Mojo::Transaction is an abstract base class for transactions, like Mojo::Transaction::HTTP and Mojo::Transaction::WebSocket.

EVENTS

Mojo::Transaction inherits all events from Mojo::EventEmitter and can emit the following new ones.

connection

$tx->on(connection => sub ($tx, $connection) {...});

Emitted when a connection has been assigned to transaction.

finish

$tx->on(finish => sub ($tx) {...});

Emitted when transaction is finished.

ATTRIBUTES

Mojo::Transaction implements the following attributes.

kept_alive

my $bool = $tx->kept_alive;
$tx      = $tx->kept_alive($bool);

Connection has been kept alive.

local_address

my $address = $tx->local_address;
$tx         = $tx->local_address('127.0.0.1');

Local interface address.

local_port

my $port = $tx->local_port;
$tx      = $tx->local_port(8080);

Local interface port.

original_remote_address

my $address = $tx->original_remote_address;
$tx         = $tx->original_remote_address('127.0.0.1');

Remote interface address.

remote_port

my $port = $tx->remote_port;
$tx      = $tx->remote_port(8081);

Remote interface port.

req

my $req = $tx->req;
$tx     = $tx->req(Mojo::Message::Request->new);

HTTP request, defaults to a Mojo::Message::Request object.

# Access request information
my $method = $tx->req->method;
my $url    = $tx->req->url->to_abs;
my $info   = $tx->req->url->to_abs->userinfo;
my $host   = $tx->req->url->to_abs->host;
my $agent  = $tx->req->headers->user_agent;
my $custom = $tx->req->headers->header('Custom-Header');
my $bytes  = $tx->req->body;
my $str    = $tx->req->text;
my $hash   = $tx->req->params->to_hash;
my $all    = $tx->req->uploads;
my $value  = $tx->req->json;
my $foo    = $tx->req->json('/23/foo');
my $dom    = $tx->req->dom;
my $bar    = $tx->req->dom('div.bar')->first->text;

res

my $res = $tx->res;
$tx     = $tx->res(Mojo::Message::Response->new);

HTTP response, defaults to a Mojo::Message::Response object.

# Access response information
my $code    = $tx->res->code;
my $message = $tx->res->message;
my $server  = $tx->res->headers->server;
my $custom  = $tx->res->headers->header('Custom-Header');
my $bytes   = $tx->res->body;
my $str     = $tx->res->text;
my $value   = $tx->res->json;
my $foo     = $tx->res->json('/23/foo');
my $dom     = $tx->res->dom;
my $bar     = $tx->res->dom('div.bar')->first->text;

METHODS

Mojo::Transaction inherits all methods from Mojo::EventEmitter and implements the following new ones.

client_read

$tx->client_read($bytes);

Read data client-side, used to implement user agents such as Mojo::UserAgent. Meant to be overloaded in a subclass.

client_write

my $bytes = $tx->client_write;

Write data client-side, used to implement user agents such as Mojo::UserAgent. Meant to be overloaded in a subclass.

closed

$tx = $tx->closed;

Same as "completed", but also indicates that all transaction data has been sent.

completed

$tx = $tx->completed;

Low-level method to finalize transaction.

connection

my $id = $tx->connection;
$tx    = $tx->connection($id);

Connection identifier.

error

my $err = $tx->error;

Get request or response error and return undef if there is no error.

# Longer version
my $err = $tx->req->error || $tx->res->error;

# Check for 4xx/5xx response and connection errors
if (my $err = $tx->error) {
  die "$err->{code} response: $err->{message}" if $err->{code};
  die "Connection error: $err->{message}";
}

is_finished

my $bool = $tx->is_finished;

Check if transaction is finished.

is_websocket

my $bool = $tx->is_websocket;

False, this is not a Mojo::Transaction::WebSocket object.

remote_address

my $address = $tx->remote_address;
$tx         = $tx->remote_address('127.0.0.1');

Same as "original_remote_address" unless "req" has been performed via a "reverse_proxy" in Mojo::Message::Request. If so then the last value of X-Forwarded-For header is returned. Additionally if "trusted_proxies" in Mojo::Message::Request are also provided then the original address must be trusted and any X-Forwarded-For entries that are trusted are ignored, returning the last untrusted address or the first address if all are trusted.

result

my $res = $tx->result;

Returns the Mojo::Message::Response object from "res" or dies if a connection error has occurred.

# Fine grained response handling (dies on connection errors)
my $res = $tx->result;
if    ($res->is_success)  { say $res->body }
elsif ($res->is_error)    { say $res->message }
elsif ($res->code == 301) { say $res->headers->location }
else                      { say 'Whatever...' }

server_read

$tx->server_read($bytes);

Read data server-side, used to implement web servers such as Mojo::Server::Daemon. Meant to be overloaded in a subclass.

server_write

my $bytes = $tx->server_write;

Write data server-side, used to implement web servers such as Mojo::Server::Daemon. Meant to be overloaded in a subclass.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.