Security Advisories (2)
CPANSA-Plack-Middleware-Session-2014-01 (2014-08-11)

Plack::Middleware::Session::Cookie 0.21 allows an attacker to execute arbitrary code on the server when the middleware is enabled without a secret.

CVE-2025-40923 (2025-07-16)

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems.
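
On a version before 0.35, the default generator can be replaced through the sid_generator option of the session state object. The following is an added example, not code from the Plack-Middleware-Session distribution; secure_sid is a hypothetical helper name, and reading /dev/urandom assumes a Unix-like host.

```perl
use strict;
use warnings;
use Plack::Builder;
use Plack::Session::State::Cookie;

# Hypothetical helper (not part of Plack): 20 bytes from the kernel CSPRNG,
# hex-encoded to 40 characters, the same shape as a SHA-1 hex digest.
sub secure_sid {
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $want = 20;
    my $buf  = '';
    while ( length($buf) < $want ) {
        # Append to $buf until all 20 bytes have arrived (short reads are possible).
        my $n = sysread( $fh, $buf, $want - length($buf), length($buf) );
        die "read from /dev/urandom failed: $!" unless defined $n;
        die "unexpected EOF on /dev/urandom"    unless $n;
    }
    close $fh;
    # Fail closed: on any error above we die rather than fall back to rand().
    return unpack 'H*', $buf;
}

my $app = sub {
    return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
};

builder {
    enable 'Session',
        state => Plack::Session::State::Cookie->new(
            # Replaces the rand/epoch/PID-seeded default described above.
            sid_generator => \&secure_sid,
            # Reject any incoming id that is not exactly 40 lowercase hex chars.
            sid_validator => qr/\A[0-9a-f]{40}\z/,
        );
    $app;
};
```

Session ids issued before the change keep their old, guessable values, so existing sessions should be expired when the generator is swapped.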

NAME

Plack::Session::Store::Null - Null store

SYNOPSIS

use Plack::Builder;
use Plack::Middleware::Session;
use Plack::Session::Store::Null;

my $app = sub {
    return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
};

builder {
    enable 'Session',
        store => Plack::Session::Store::Null->new;
    $app;
};

DESCRIPTION

Sometimes you don't want to store anything in your sessions, but Plack::Session requires a store instance, so you can use this one and all methods will return null.

This is a subclass of Plack::Session::Store and implements its full interface.

BUGS

All complex software has bugs lurking in it, and this module is no exception. If you find a bug please either email me, or add the bug to cpan-RT.

AUTHOR

Stevan Little <stevan.little@iinteractive.com>

COPYRIGHT AND LICENSE

Copyright 2009, 2010 Infinity Interactive, Inc.

http://www.iinteractive.com

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.