/ 
Mojolicious-8.21
⭐ Starred 2674
/ Mojo::Transaction
Security Advisories (6)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Transaction - Transaction base class

SYNOPSIS

package Mojo::Transaction::MyTransaction;
use Mojo::Base 'Mojo::Transaction';

sub client_read  {...}
sub client_write {...}
sub server_read  {...}
sub server_write {...}

DESCRIPTION

Mojo::Transaction is an abstract base class for transactions, like Mojo::Transaction::HTTP and Mojo::Transaction::WebSocket.

EVENTS

Mojo::Transaction inherits all events from Mojo::EventEmitter and can emit the following new ones.

connection

$tx->on(connection => sub {
  my ($tx, $connection) = @_;
  ...
});

Emitted when a connection has been assigned to transaction.

finish

$tx->on(finish => sub {
  my $tx = shift;
  ...
});

Emitted when transaction is finished.

ATTRIBUTES

Mojo::Transaction implements the following attributes.

kept_alive

my $bool = $tx->kept_alive;
$tx      = $tx->kept_alive($bool);

Connection has been kept alive.

local_address

my $address = $tx->local_address;
$tx         = $tx->local_address('127.0.0.1');

Local interface address.

local_port

my $port = $tx->local_port;
$tx      = $tx->local_port(8080);

Local interface port.

original_remote_address

my $address = $tx->original_remote_address;
$tx         = $tx->original_remote_address('127.0.0.1');

Remote interface address.

remote_port

my $port = $tx->remote_port;
$tx      = $tx->remote_port(8081);

Remote interface port.

req

my $req = $tx->req;
$tx     = $tx->req(Mojo::Message::Request->new);

HTTP request, defaults to a Mojo::Message::Request object.

# Access request information
my $method = $tx->req->method;
my $url    = $tx->req->url->to_abs;
my $info   = $tx->req->url->to_abs->userinfo;
my $host   = $tx->req->url->to_abs->host;
my $agent  = $tx->req->headers->user_agent;
my $custom = $tx->req->headers->header('Custom-Header');
my $bytes  = $tx->req->body;
my $str    = $tx->req->text;
my $hash   = $tx->req->params->to_hash;
my $all    = $tx->req->uploads;
my $value  = $tx->req->json;
my $foo    = $tx->req->json('/23/foo');
my $dom    = $tx->req->dom;
my $bar    = $tx->req->dom('div.bar')->first->text;

res

my $res = $tx->res;
$tx     = $tx->res(Mojo::Message::Response->new);

HTTP response, defaults to a Mojo::Message::Response object.

# Access response information
my $code    = $tx->res->code;
my $message = $tx->res->message;
my $server  = $tx->res->headers->server;
my $custom  = $tx->res->headers->header('Custom-Header');
my $bytes   = $tx->res->body;
my $str     = $tx->res->text;
my $value   = $tx->res->json;
my $foo     = $tx->res->json('/23/foo');
my $dom     = $tx->res->dom;
my $bar     = $tx->res->dom('div.bar')->first->text;

METHODS

Mojo::Transaction inherits all methods from Mojo::EventEmitter and implements the following new ones.

client_read

$tx->client_read($bytes);

Read data client-side, used to implement user agents such as Mojo::UserAgent. Meant to be overloaded in a subclass.

client_write

my $bytes = $tx->client_write;

Write data client-side, used to implement user agents such as Mojo::UserAgent. Meant to be overloaded in a subclass.

closed

$tx = $tx->closed;

Same as "completed", but also indicates that all transaction data has been sent.

completed

$tx = $tx->completed;

Low-level method to finalize transaction.

connection

my $id = $tx->connection;
$tx    = $tx->connection($id);

Connection identifier.

error

my $err = $tx->error;

Get request or response error and return undef if there is no error.

# Longer version
my $err = $tx->req->error || $tx->res->error;

# Check for 4xx/5xx response and connection errors
if (my $err = $tx->error) {
  die "$err->{code} response: $err->{message}" if $err->{code};
  die "Connection error: $err->{message}";
}

is_finished

my $bool = $tx->is_finished;

Check if transaction is finished.

is_websocket

my $bool = $tx->is_websocket;

False, this is not a Mojo::Transaction::WebSocket object.

remote_address

my $address = $tx->remote_address;
$tx         = $tx->remote_address('127.0.0.1');

Same as "original_remote_address" or the last value of the X-Forwarded-For header if "req" has been performed through a reverse proxy.

result

my $res = $tx->result;

Returns the Mojo::Message::Response object from "res" or dies if a connection error has occurred.

# Fine grained response handling (dies on connection errors)
my $res = $tx->result;
if    ($res->is_success)  { say $res->body }
elsif ($res->is_error)    { say $res->message }
elsif ($res->code == 301) { say $res->headers->location }
else                      { say 'Whatever...' }

server_read

$tx->server_read($bytes);

Read data server-side, used to implement web servers such as Mojo::Server::Daemon. Meant to be overloaded in a subclass.

server_write

my $bytes = $tx->server_write;

Write data server-side, used to implement web servers such as Mojo::Server::Daemon. Meant to be overloaded in a subclass.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.