Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
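The weakness described in this advisory is a prefix-style ACL applied to the raw fragment path, which a `..` segment can step out of. The following is an added example (not Jifty's code): it canonicalises the path before the ACL check, so the check sees the location the dispatcher would actually resolve, and it rejects paths that try to climb above the root. The allowed prefix `/some/safe/place` and the two check routines are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Collapse a request path to canonical form so ACL checks see the path the
# dispatcher will really resolve. Returns undef when the path tries to climb
# above "/", so callers can reject it outright.
sub canonical_path {
    my ($path) = @_;
    my @out;
    for my $seg (split m{/}, $path) {
        next if $seg eq '' || $seg eq '.';   # skip "//" and "." segments
        if ($seg eq '..') {
            return undef unless @out;        # nothing left to climb out of
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Hypothetical ACL: only fragments under this prefix may be rendered.
my $allowed_prefix = '/some/safe/place';

# The weak check: string prefix match on the path exactly as requested.
sub naive_allowed {
    my ($requested) = @_;
    return index($requested, $allowed_prefix) == 0 ? 1 : 0;
}

# The hardened check: canonicalise first, then match whole segments.
sub fragment_allowed {
    my ($requested) = @_;
    my $canon = canonical_path($requested);
    return 0 unless defined $canon;
    return 1 if $canon eq $allowed_prefix;
    return index($canon, "$allowed_prefix/") == 0 ? 1 : 0;
}

# Constructed inputs: the advisory's own example plus two benign requests.
for my $path ('/some/safe/place/../../../dangerous',
              '/some/safe/place/widget',
              '/some/safe/place/./sub//thing') {
    printf "%-42s canonical=%-26s naive=%d hardened=%d\n",
        $path, canonical_path($path) // '(rejected)',
        naive_allowed($path), fragment_allowed($path);
}
```

The traversal string canonicalises to `/dangerous`: the naive check accepts it, the hardened check does not, while the two benign paths pass both.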

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read only access to local files.

NAME

Jifty::Web::Session - A Jifty session handler

DESCRIPTION

* Jifty sessions

  * User gets a per-app session cookie in their first response from the server.

  * User gets an updated cookie on any request where:

    1) the cookie parameters have changed, or

    2) the user's current session id doesn't match the cookie's session id.

  * The session cookie is handed out after all processing, but before any page content is displayed.

  * The user gets a cookie even if we're doing a redirect.

  * In the future, we might want to not give the user a cookie.

* Debugging

  * Should log:

    * User presented a session cookie
    * Loaded session from disk
    * Failed to load session from disk (expired)
    * Created a new session
    * Sent a session cookie to the user

load

Load up the current session from a cookie.

unload

Flush the session to disk and quit.

get KEY

Returns the value for KEY for the current user's session.

set KEY => VALUE

Sets the value VALUE for KEY for the current user's session.

remove KEY

Remove key KEY from the cache.

set_continuation KEY VALUE

Stores a continuation in the session.

get_continuation KEY

Pulls a continuation from the current session. Expects a continuation id.

remove_continuation CONTINUATION_ID

Removes the continuation with id CONTINUATION_ID from the store.

continuations

Return a hash of all the continuations in this session. Keyed by continuation_id.

Sets the session cookie

Returns the current session's cookie_name. (It's a generic thing for all users.)

expires

Return this cache entry's expiry date, in the format expected by Cache::Cache.