Security Advisories (1)
CPANSA-HTTP-Session2-2018-01 (2018-01-26)

HTTP::Session2 1.10 does not validate the session id; this causes RCE depending on the session store you use.

Changes for version 1.00 - 2014-07-28

  • INCOMPATIBLE CHANGE
    • I changed the HMAC strategy in ServerSide mode. The previous version uses:
      • hmac_hex(data: $session_id, key: $secret)
      • New version is:
        • hmac_hex(data: $secret, key: $session)
      • This version is even secure. But, it's not a critical issue.
      • I think this change won't break your code.

Modules

HTTP session management
Abstract base class for HTTP::Session2

Provides

in lib/HTTP/Session2/Expired.pm