Security Advisories (1)
CPANSA-Dancer2-2018-01 (2018-01-30)

There is a potential RCE with regard to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.
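The advisory above is about rejecting malformed session IDs before a backend turns them into a file name and deserialises what it finds there. The following is an added illustration of that kind of allow-list check, written for this page; it is not Dancer2's own implementation, and the function names, the accepted character set and the length bound are assumptions chosen for the example.

```perl
#!/usr/bin/env perl
# Added example, not code from Dancer2 or Dancer2::Session::YAML: an
# allow-list check on session IDs, applied before the ID is used to build a
# path under session_dir. valid_session_id, session_file, the regex and the
# length bound are assumptions for this illustration.
use strict;
use warnings;
use File::Spec;

# Accept only the characters a generated session ID is made of. Anything
# else (path separators, dots, control characters, whitespace) is rejected
# before any file I/O or deserialisation happens.
sub valid_session_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A[A-Za-z0-9_\-~]{1,128}\z/;
}

# Build the path of the session file, or die if the ID is malformed.
# Because the ID passed the allow-list, the result can only ever be a
# direct child of $session_dir, never a relative or absolute path of the
# client's choosing.
sub session_file {
    my ($session_dir, $id) = @_;
    die "Invalid session ID\n" unless valid_session_id($id);
    return File::Spec->catfile($session_dir, "$id.yml");
}

# Make control characters visible when printing a sample ID.
sub show {
    my ($s) = @_;
    return '(empty)' if !length $s;
    return join '', map { ord($_) < 32 ? sprintf('\\x%02x', ord $_) : $_ } split //, $s;
}

# Constructed sample IDs: one well-formed, the rest shaped like what an
# attacker might put in the session cookie.
my $dir = '/tmp/dancer-sessions';
for my $id ('Xp3Q_kP8-7vL9aZn2q', '../../etc/passwd', "abc\0def", 'a b', '') {
    my $path = eval { session_file($dir, $id) };
    if (defined $path) {
        printf "%-20s -> %s\n", show($id), $path;
    } else {
        chomp(my $err = $@);
        printf "%-20s -> rejected (%s)\n", show($id), $err;
    }
}
```

Only the first ID yields a path; the others are refused before `File::Spec->catfile` is ever called. The important property is that the check is an allow-list on the ID itself, not a blacklist of `..` sequences, so it does not need to anticipate every way a path can be bent.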

NAME

Dancer2::Session::YAML - YAML-file-based session backend for Dancer2

VERSION

version 0.06

DESCRIPTION

This module implements a session engine based on YAML files. Sessions are stored as YAML files in the directory given by session_dir. The idea behind this module was to provide a human-readable session storage for the developer.

This backend is intended to be used in development environments, when digging inside a session can be useful.

This backend can perfectly well be used in production environments, but two things should be kept in mind: the content of the session files is plain text (anything placed in the session is readable by whoever can read the directory), and the session files are never expired by the engine itself, so they should be purged by a cron job.

CONFIGURATION

The setting session should be set to YAML in order to use this session engine in a Dancer2 application.

Files will be stored to the value of the setting session_dir, whose default value is appdir/sessions.

Here is an example configuration that uses this session engine and stores session files in /tmp/dancer-sessions:

session: "YAML"

engines:
  session:
    YAML:
      session_dir: "/tmp/dancer-sessions"
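As an added example (not part of this distribution), the same configuration expressed from code rather than config.yml, together with two routes that use the session so the resulting files can be inspected. It assumes the Dancer2 DSL keywords set, get, session, app and to_app, and the /tmp/dancer-sessions directory from the snippet above.

```perl
#!/usr/bin/env perl
# Added example, not code from Dancer2::Session::YAML: the configuration
# above set from code, plus routes that read, write and destroy a session.
# Assumes the Dancer2 DSL (set, get, session, app, to_app).
# Save as app.psgi and start with:  plackup app.psgi
use strict;
use warnings;
use Dancer2;

# Equivalent of the config.yml fragment: select the YAML engine and tell it
# where to write the per-session files. The directory should be writable by
# the application user only, since the files are plain text.
set engines => {
    session => {
        YAML => { session_dir => '/tmp/dancer-sessions' },
    },
};
set session => 'YAML';

# Each visit bumps a per-session counter. The session ID shown here is what
# becomes the file name under session_dir.
get '/' => sub {
    my $count = (session('visits') // 0) + 1;
    session visits => $count;
    return sprintf "session %s, visit %d\n", session->id, $count;
};

# Destroying the session removes its file and the cookie. Sessions that are
# simply abandoned leave their file behind, which is what the cron purge
# mentioned above is for.
get '/logout' => sub {
    app->destroy_session;
    return "session destroyed\n";
};

to_app;
```

After a couple of requests to /, the file /tmp/dancer-sessions/<session id>.yml contains the visits counter in clear text, which is the point of this backend in development and the reason to restrict the directory's permissions in production. For the purge, a cron entry along the lines of `find /tmp/dancer-sessions -type f -mmin +120 -delete` (the two-hour window is an assumption; pick it to match your session lifetime) is enough.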

DEPENDENCY

This module depends on YAML.

SEE ALSO

See Dancer2::Session for details about session usage in route handlers.

AUTHOR

Dancer Core Developers

COPYRIGHT AND LICENSE

This software is copyright (c) 2013 by Alexis Sukrieh.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.