Catalyst-Plugin-Session-0.20

Security Advisories (1)

CVE-2025-40924 (2025-07-17)

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Take me over?

The maintainer of this distribution is looking for someone to take over! If you're interested then please contact them via email.

Changes for version 0.20 - 2009-02-05

No code changes since 0.19_01 dev release.
Add IDEAS.txt which is an irc log of discussion about the next-generation session plugin from discussion on #catalyst-dev
Remove TODO file, which is no longer relevant.

Changes for version 0.19_01 - 2009-01-09

Switch from using NEXT to Class::C3 for method re-dispatch.
Use shipit to package the dist.
Switch to Module::install.
Flash data is now stored inside the session (key "__flash") to avoid duplicate entry errors caused by simultaneous select/insert/delete of flash rows when using DBI as a Store. (Sergio Salvi)
Fix session finalization order that caused HTTP responses to be sent before the session is actually finalized and stored in its Store. (Sergio Salvi)

Documentation

Catalyst::Plugin::Session::Tutorial

Understanding and using sessions.

Modules

Catalyst::Plugin::Session

Generic Session plugin - ties together server side storage and client side state required to maintain session data.

Catalyst::Plugin::Session::State

Base class for session state preservation plugins.

Catalyst::Plugin::Session::Store

Base class for session storage drivers.

Catalyst::Plugin::Session::Store::Dummy

Doesn't really store sessions - useful for tests.

Catalyst::Plugin::Session::Test::Store

Reusable sanity for session storage engines.

Provides

Catalyst::Plugin::SessionStateTest

in lib/Catalyst/Plugin/Session/Test/Store.pm

SessionStoreTest

in lib/Catalyst/Plugin/Session/Test/Store.pm

SessionStoreTest2

in lib/Catalyst/Plugin/Session/Test/Store.pm

Other files

To install Catalyst::Plugin::Session, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Catalyst::Plugin::Session

CPAN shell

perl -MCPAN -e shell
install Catalyst::Plugin::Session

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Take me over?

Changes for version 0.20 - 2009-02-05

Changes for version 0.19_01 - 2009-01-09

Documentation

Modules

Provides

Other files

Module Install Instructions