Mojolicious::Sessions - Session manager based on signed cookies
NAME SYNOPSIS DESCRIPTION ATTRIBUTES cookie_domain cookie_name cookie_path default_expiration deserialize encrypted samesite secure serialize METHODS load store SEE ALSONAME
Mojolicious::Sessions − Session manager based on signed cookies
SYNOPSIS
use
Mojolicious::Sessions;
my $sessions = Mojolicious::Sessions−>new;
$sessions−>cookie_name('myapp');
$sessions−>default_expiration(86400);
DESCRIPTION
Mojolicious::Sessions manages sessions based on signed cookies for Mojolicious. All data gets serialized with Mojo::JSON and stored Base64 encoded on the client−side, but is protected from unwanted changes with a HMAC−SHA256 signature.
ATTRIBUTES
Mojolicious::Sessions implements the following attributes.
cookie_domain
my $domain =
$sessions−>cookie_domain;
$sessions =
$sessions−>cookie_domain('.example.com');
Domain for session cookies, not defined by default.
cookie_name
my $name =
$sessions−>cookie_name;
$sessions = $sessions−>cookie_name('session');
Name for session cookies, defaults to "mojolicious".
cookie_path
my $path =
$sessions−>cookie_path;
$sessions = $sessions−>cookie_path('/foo');
Path for session cookies, defaults to "/".
default_expiration
my $time =
$sessions−>default_expiration;
$sessions =
$sessions−>default_expiration(3600);
Default time for sessions to expire in seconds from now, defaults to 3600. The expiration timeout gets refreshed for every request. Setting the value to 0 will allow sessions to persist until the browser window is closed, this can have security implications though. For more control you can also use the "expiration" and "expires" session values.
# Expiration
date in seconds from now (persists between requests)
$c−>session(expiration => 604800);
# Expiration date as absolute epoch time (only valid for one
request)
$c−>session(expires => time + 604800);
# Delete whole session by setting an expiration date in the
past
$c−>session(expires => 1);
deserialize
my $cb =
$sessions−>deserialize;
$sessions = $sessions−>deserialize(sub ($bytes)
{...});
A callback used to deserialize sessions, defaults to "j" in Mojo::JSON.
$sessions−>deserialize(sub ($bytes) { return {} });
encrypted
my $bool =
$sessions−>encrypted;
$sessions = $sessions−>encrypted($bool);
Use encrypted session cookies instead of merely cryptographically signed ones.
samesite
my $samesite =
$sessions−>samesite;
$sessions = $sessions−>samesite('Strict');
Set the SameSite value on all session cookies, defaults to "Lax".
# Disable
SameSite feature
$sessions−>samesite(undef);
secure
my $bool =
$sessions−>secure;
$sessions = $sessions−>secure($bool);
Set the secure flag on all session cookies, so that browsers send them only over HTTPS connections.
serialize
my $cb =
$sessions−>serialize;
$sessions = $sessions−>serialize(sub ($hash)
{...});
A callback used to serialize sessions, defaults to "encode_json" in Mojo::JSON.
$sessions−>serialize(sub ($hash) { return '' });
METHODS
Mojolicious::Sessions inherits all methods from Mojo::Base and implements the following new ones.
load
$sessions−>load(Mojolicious::Controller−>new);
Load session data from signed cookie.
store
$sessions−>store(Mojolicious::Controller−>new);
Store session data in signed cookie.
SEE ALSO
Mojolicious, Mojolicious::Guides, <https://mojolicious.org>.