NAME
Mojolicious::Sessions - Signed cookie based session manager
SYNOPSIS
use Mojolicious::Sessions;
my $sessions = Mojolicious::Sessions->new;
$sessions->cookie_name('myapp');
$sessions->default_expiration(86400);
DESCRIPTION
Mojolicious::Sessions manages simple signed cookie based sessions for Mojolicious. All data gets serialized with Mojo::JSON and stored Base64
encoded on the client-side, but is protected from unwanted changes with a HMAC-SHA1
signature.
ATTRIBUTES
Mojolicious::Sessions implements the following attributes.
cookie_domain
my $domain = $sessions->cookie_domain;
$sessions = $sessions->cookie_domain('.example.com');
Domain for session cookies, not defined by default.
cookie_name
my $name = $sessions->cookie_name;
$sessions = $sessions->cookie_name('session');
Name for session cookies, defaults to mojolicious
.
cookie_path
my $path = $sessions->cookie_path;
$sessions = $sessions->cookie_path('/foo');
Path for session cookies, defaults to /
.
default_expiration
my $time = $sessions->default_expiration;
$sessions = $sessions->default_expiration(3600);
Default time for sessions to expire in seconds from now, defaults to 3600
. The expiration timeout gets refreshed for every request. Setting the value to 0
will allow sessions to persist until the browser window is closed, this can have security implications though. For more control you can also use the expiration
and expires
session values.
# Expiration date in epoch seconds from now (persists between requests)
$c->session(expiration => 604800);
# Expiration date as absolute epoch time (only valid for one request)
$c->session(expires => time + 604800);
# Delete whole session by setting an expiration date in the past
$c->session(expires => 1);
secure
my $secure = $sessions->secure;
$sessions = $sessions->secure(1);
Set the secure flag on all session cookies, so that browsers send them only over HTTPS connections.
METHODS
Mojolicious::Sessions inherits all methods from Mojo::Base and implements the following ones.
load
$sessions->load(Mojolicious::Controller->new);
Load session data from signed cookie.
store
$sessions->store(Mojolicious::Controller->new);
Store session data in signed cookie.