|
copy gitweblite soruce code
|
1 |
package Mojolicious::Sessions; |
| 2 |
use Mojo::Base -base; |
|
| 3 | ||
| 4 |
use Mojo::JSON; |
|
|
upgraded Mojolicious to v3.7...
|
5 |
use Mojo::Util qw(b64_decode b64_encode); |
|
copy gitweblite soruce code
|
6 | |
|
upgraded Mojolicious to v3.7...
|
7 |
has [qw(cookie_domain secure)]; |
|
copy gitweblite soruce code
|
8 |
has cookie_name => 'mojolicious'; |
| 9 |
has cookie_path => '/'; |
|
| 10 |
has default_expiration => 3600; |
|
| 11 | ||
| 12 |
sub load {
|
|
| 13 |
my ($self, $c) = @_; |
|
| 14 | ||
| 15 |
return unless my $value = $c->signed_cookie($self->cookie_name); |
|
|
upgraded Mojolicious to v3.7...
|
16 |
$value =~ s/-/=/g; |
|
copy gitweblite soruce code
|
17 |
return unless my $session = Mojo::JSON->new->decode(b64_decode $value); |
| 18 | ||
|
update Mojolicious and added...
|
19 |
# "expiration" value is inherited |
|
upgraded Mojolicious to v3.7...
|
20 |
my $expiration = defined $session->{expiration} ? $session->{expiration} : $self->default_expiration;
|
|
copy gitweblite soruce code
|
21 |
return if !(my $expires = delete $session->{expires}) && $expiration;
|
| 22 |
return if defined $expires && $expires <= time; |
|
| 23 | ||
| 24 |
my $stash = $c->stash; |
|
| 25 |
return unless $stash->{'mojo.active_session'} = keys %$session;
|
|
| 26 |
$stash->{'mojo.session'} = $session;
|
|
| 27 |
$session->{flash} = delete $session->{new_flash} if $session->{new_flash};
|
|
| 28 |
} |
|
| 29 | ||
| 30 |
sub store {
|
|
| 31 |
my ($self, $c) = @_; |
|
| 32 | ||
|
update Mojolicious and added...
|
33 |
# Make sure session was active |
|
copy gitweblite soruce code
|
34 |
my $stash = $c->stash; |
| 35 |
return unless my $session = $stash->{'mojo.session'};
|
|
| 36 |
return unless keys %$session || $stash->{'mojo.active_session'};
|
|
| 37 | ||
|
update Mojolicious and added...
|
38 |
# Don't reset flash for static files |
|
copy gitweblite soruce code
|
39 |
my $old = delete $session->{flash};
|
| 40 |
@{$session->{new_flash}}{keys %$old} = values %$old
|
|
| 41 |
if $stash->{'mojo.static'};
|
|
| 42 |
delete $session->{new_flash} unless keys %{$session->{new_flash}};
|
|
| 43 | ||
|
update Mojolicious and added...
|
44 |
# Generate "expires" value from "expiration" if necessary |
|
upgraded Mojolicious to v3.7...
|
45 |
my $expiration = defined $session->{expiration} ? $session->{expiration} : $self->default_expiration;
|
| 46 |
my $default = delete $session->{expires};
|
|
|
copy gitweblite soruce code
|
47 |
$session->{expires} = $default || time + $expiration
|
| 48 |
if $expiration || $default; |
|
| 49 | ||
| 50 |
my $value = b64_encode(Mojo::JSON->new->encode($session), ''); |
|
|
upgraded Mojolicious to v3.7...
|
51 |
$value =~ s/=/-/g; |
|
copy gitweblite soruce code
|
52 |
my $options = {
|
| 53 |
domain => $self->cookie_domain, |
|
| 54 |
expires => $session->{expires},
|
|
| 55 |
httponly => 1, |
|
| 56 |
path => $self->cookie_path, |
|
| 57 |
secure => $self->secure |
|
| 58 |
}; |
|
| 59 |
$c->signed_cookie($self->cookie_name, $value, $options); |
|
| 60 |
} |
|
| 61 | ||
| 62 |
1; |
|
| 63 | ||
|
update Mojolicious to 4.57
|
64 |
=encoding utf8 |
| 65 | ||
|
copy gitweblite soruce code
|
66 |
=head1 NAME |
| 67 | ||
|
upgraded Mojolicious to v3.7...
|
68 |
Mojolicious::Sessions - Signed cookie based session manager |
|
copy gitweblite soruce code
|
69 | |
| 70 |
=head1 SYNOPSIS |
|
| 71 | ||
| 72 |
use Mojolicious::Sessions; |
|
| 73 | ||
| 74 |
my $sessions = Mojolicious::Sessions->new; |
|
|
upgraded Mojolicious to v3.7...
|
75 |
$sessions->cookie_name('myapp');
|
| 76 |
$sessions->default_expiration(86400); |
|
|
copy gitweblite soruce code
|
77 | |
| 78 |
=head1 DESCRIPTION |
|
| 79 | ||
|
upgraded Mojolicious to v3.7...
|
80 |
L<Mojolicious::Sessions> manages simple signed cookie based sessions for |
| 81 |
L<Mojolicious>. All data gets serialized with L<Mojo::JSON> and stored |
|
| 82 |
C<Base64> encoded on the client-side, but is protected from unwanted changes |
|
| 83 |
with a C<HMAC-SHA1> signature. |
|
|
copy gitweblite soruce code
|
84 | |
| 85 |
=head1 ATTRIBUTES |
|
| 86 | ||
| 87 |
L<Mojolicious::Sessions> implements the following attributes. |
|
| 88 | ||
|
update Mojolicious and added...
|
89 |
=head2 cookie_domain |
|
copy gitweblite soruce code
|
90 | |
|
upgraded Mojolicious to v3.7...
|
91 |
my $domain = $sessions->cookie_domain; |
| 92 |
$sessions = $sessions->cookie_domain('.example.com');
|
|
|
copy gitweblite soruce code
|
93 | |
|
upgraded Mojolicious to v3.7...
|
94 |
Domain for session cookies, not defined by default. |
|
copy gitweblite soruce code
|
95 | |
|
update Mojolicious and added...
|
96 |
=head2 cookie_name |
|
copy gitweblite soruce code
|
97 | |
|
upgraded Mojolicious to v3.7...
|
98 |
my $name = $sessions->cookie_name; |
| 99 |
$sessions = $sessions->cookie_name('session');
|
|
|
copy gitweblite soruce code
|
100 | |
|
upgraded Mojolicious to v3.7...
|
101 |
Name for session cookies, defaults to C<mojolicious>. |
|
copy gitweblite soruce code
|
102 | |
|
update Mojolicious and added...
|
103 |
=head2 cookie_path |
|
copy gitweblite soruce code
|
104 | |
|
upgraded Mojolicious to v3.7...
|
105 |
my $path = $sessions->cookie_path; |
| 106 |
$sessions = $sessions->cookie_path('/foo');
|
|
|
copy gitweblite soruce code
|
107 | |
|
upgraded Mojolicious to v3.7...
|
108 |
Path for session cookies, defaults to C</>. |
|
copy gitweblite soruce code
|
109 | |
|
update Mojolicious and added...
|
110 |
=head2 default_expiration |
|
copy gitweblite soruce code
|
111 | |
|
upgraded Mojolicious to v3.7...
|
112 |
my $time = $sessions->default_expiration; |
| 113 |
$sessions = $sessions->default_expiration(3600); |
|
|
copy gitweblite soruce code
|
114 | |
|
upgraded Mojolicious to v3.7...
|
115 |
Default time for sessions to expire in seconds from now, defaults to C<3600>. |
| 116 |
The expiration timeout gets refreshed for every request. Setting the value to |
|
| 117 |
C<0> will allow sessions to persist until the browser window is closed, this |
|
| 118 |
can have security implications though. For more control you can also use the |
|
| 119 |
C<expiration> and C<expires> session values. |
|
|
copy gitweblite soruce code
|
120 | |
|
upgraded Mojolicious to v3.7...
|
121 |
# Expiration date in seconds from now (persists between requests) |
| 122 |
$c->session(expiration => 604800); |
|
| 123 | ||
| 124 |
# Expiration date as absolute epoch time (only valid for one request) |
|
|
copy gitweblite soruce code
|
125 |
$c->session(expires => time + 604800); |
| 126 | ||
|
upgraded Mojolicious to v3.7...
|
127 |
# Delete whole session by setting an expiration date in the past |
|
copy gitweblite soruce code
|
128 |
$c->session(expires => 1); |
| 129 | ||
|
update Mojolicious and added...
|
130 |
=head2 secure |
|
copy gitweblite soruce code
|
131 | |
|
update Mojolicious to 4.57
|
132 |
my $bool = $sessions->secure; |
| 133 |
$sessions = $sessions->secure($bool); |
|
|
copy gitweblite soruce code
|
134 | |
| 135 |
Set the secure flag on all session cookies, so that browsers send them only |
|
| 136 |
over HTTPS connections. |
|
| 137 | ||
| 138 |
=head1 METHODS |
|
| 139 | ||
| 140 |
L<Mojolicious::Sessions> inherits all methods from L<Mojo::Base> and |
|
|
update Mojolicious to 4.57
|
141 |
implements the following new ones. |
|
copy gitweblite soruce code
|
142 | |
|
update Mojolicious and added...
|
143 |
=head2 load |
|
copy gitweblite soruce code
|
144 | |
|
upgraded Mojolicious to v3.7...
|
145 |
$sessions->load(Mojolicious::Controller->new); |
|
copy gitweblite soruce code
|
146 | |
| 147 |
Load session data from signed cookie. |
|
| 148 | ||
|
update Mojolicious and added...
|
149 |
=head2 store |
|
copy gitweblite soruce code
|
150 | |
|
upgraded Mojolicious to v3.7...
|
151 |
$sessions->store(Mojolicious::Controller->new); |
|
copy gitweblite soruce code
|
152 | |
| 153 |
Store session data in signed cookie. |
|
| 154 | ||
| 155 |
=head1 SEE ALSO |
|
| 156 | ||
| 157 |
L<Mojolicious>, L<Mojolicious::Guides>, L<http://mojolicio.us>. |
|
| 158 | ||
| 159 |
=cut |