Security Advisories (1)
CPANSA-Dancer2-2018-01 (2018-01-30)

There is a potential RCE with regard to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.

NAME

Dancer2::Core::Role::SessionFactory::File - Role for file-based session factories

VERSION

version 0.202000

DESCRIPTION

This is a specialized SessionFactory role for storing session data in files.

This role manages the files. Classes consuming it only need to handle serialization and deserialization.

Classes consuming this role must provide three things: a _suffix attribute (the file extension used for session files) and two methods, _freeze_to_handle and _thaw_from_handle, which serialize to and deserialize from the filehandle the role opens for them.

    package Dancer2::SessionFactory::XYZ;

    use Moo;

    # The role requires this attribute. Moo's isa takes a coderef, not a
    # Moose-style type name, so isa => 'Str' would die when the class loads.
    has _suffix => (
        is      => 'ro',
        isa     => sub { die "_suffix must be a plain string" if ref $_[0] },
        default => sub { '.xyz' },
    );

    with 'Dancer2::Core::Role::SessionFactory::File';

    # Write $data into the open filehandle $fh supplied by the role.
    sub _freeze_to_handle {
        my ($self, $fh, $data) = @_;

        # ... do whatever to get data into $fh

        return;
    }

    # Read the session data back from the open filehandle $fh supplied by the role.
    sub _thaw_from_handle {
        my ($self, $fh) = @_;
        my $data;

        # ... do whatever to get data from $fh

        return $data;
    }

    1;
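As an added example, not code from Dancer2 itself, here is a complete class consuming the role that stores sessions as JSON, a data-only format that, unlike Storable, gives a tampered session file no deserialization code paths to reach. The package name, the JSON::MaybeXS options and the assumption that the role hands the methods a raw (unlayered) filehandle are mine.

```perl
# Added example: JSON-backed session factory built on the File role.
# Not part of Dancer2; package name and serializer options are assumptions.
package Dancer2::SessionFactory::JSONFile;

use Moo;
use JSON::MaybeXS ();   # assumed installed; Dancer2 already depends on it

# Required by the role: the file extension for session files.
# Moo's isa expects a coderef, not a Moose type-name string.
has _suffix => (
    is      => 'ro',
    isa     => sub { die "_suffix must be a plain string" if ref $_[0] },
    default => sub { '.json' },
);

# One encoder/decoder shared by both methods. canonical gives stable key
# order; utf8 => 1 assumes the role opens the file without an encoding layer.
has _json => (
    is      => 'lazy',
    builder => sub { JSON::MaybeXS->new( canonical => 1, utf8 => 1 ) },
);

with 'Dancer2::Core::Role::SessionFactory::File';

# Serialize the session hash into the filehandle the role opened for writing.
sub _freeze_to_handle {
    my ( $self, $fh, $data ) = @_;
    print {$fh} $self->_json->encode($data);
    return;
}

# Slurp the file the role opened for reading and decode it. A malformed or
# truncated file makes decode() die instead of returning partial data, so
# the caller sees a failed load rather than a half-built session.
sub _thaw_from_handle {
    my ( $self, $fh ) = @_;
    local $/;                       # slurp mode
    my $raw = <$fh>;
    return {} unless defined $raw && length $raw;   # empty file: new session
    my $data = $self->_json->decode($raw);
    die "session file does not contain a JSON object\n"
        unless ref $data eq 'HASH';
    return $data;
}

1;
```

Configured as the session engine in the same way as the YAML backend, this class inherits the role's file handling, so the session ID validation the advisory above describes still applies before a file name is ever built.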

ATTRIBUTES

session_dir

Where to store the session files. Defaults to "./sessions".

AUTHOR

Dancer Core Developers

COPYRIGHT AND LICENSE

This software is copyright (c) 2016 by Alexis Sukrieh.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.