Apache2::Controller::Session::Cookie - track a sessionid with a cookie in A2C
Version 1.000.111
See Apache2::Controller::Session for detailed setup example.
# Minimal application subclass: inheriting from the Cookie class supplies
# get_session_id and set_session_id, so the session id travels in a cookie.
package MyApp::Session;
use base qw( Apache2::Controller::Session::Cookie );
# get_options is left for the application to write; its body is elided in this
# synopsis (this page points to Apache2::Controller::Session for the full setup).
sub get_options {
# ...
}
1;
This module implements get_session_id and set_session_id
to get and set the session id from
a cookie.
These methods must be implemented by any Apache2::Controller::Session subclass.
my $sid = $self->get_session_id();
Gets the session id from the cookie and verifies it.
Sets $r->pnotes->{a2c}{session_id} to be the session id string.
See get_cookie_jar in Apache2::Controller::Methods and A2C_Skip_Bogus_Cookies in Apache2::Controller::Directives.
If the cookie is not present or invalid, returns undef.
If signature validation fails, logs a warning and returns undef.
$self->set_session_id($sid);
Set the session id in the cookie.
Mark Hedges, <hedges at formdata.biz>
Copyright 2008-2010 Mark Hedges, all rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
This software is provided as-is, with no warranty and no guarantee of fitness for any particular purpose.
package Apache2::Controller::Session::Cookie;
use version; our $VERSION = version->new('1.000.111');
use strict;
use warnings FATAL => 'all';    # every warning raised in this file is fatal
use English '-no_match_vars';
use base qw( Apache2::Controller::Session );
use Log::Log4perl qw(:easy);    # DEBUG and WARN, used by both subs below
use Readonly;
use YAML::Syck;                 # Dump, used only inside DEBUG messages below
use Apache2::Controller::X;

# NOTE(review): set_session_id calls Apache2::Cookie->new, but Apache2::Cookie
# is not loaded in this file; presumably a parent class or the cookie-jar code
# loads it first. Confirm.

# Cookie name used when A2C_Session_Cookie_Opts does not supply a 'name'.
Readonly my $DEFAULT_COOKIE_NAME => 'A2CSession';
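# Read the session cookie, check its signature, and return the session id.
#
# The cookie name comes from the 'name' key of the A2C_Session_Cookie_Opts
# directive, falling back to $DEFAULT_COOKIE_NAME.  The cookie carries two
# values: the session id and a signature.  The id is returned only when the
# signature recomputed by $self->signature($sid) equals the one in the cookie.
#
# Returns the session id string, or nothing (bare return) when the signature
# does not match.  When there is no cookie jar or no such cookie, $sid stays
# undefined and that is what is returned.
#
# Side effect: stores the recomputed signature (undef when no id was read) in
# $self->{session_valid_sig}.
#
# NOTE(review): the module's POD says this method sets
# $r->pnotes->{a2c}{session_id}; this body does not.  Only set_session_id
# writes that key.  Confirm whether the caller is expected to do it.
sub get_session_id {
    my ($self) = @_;

    my %copts = %{ $self->get_directive('A2C_Session_Cookie_Opts') || { } };
    $copts{name} ||= $DEFAULT_COOKIE_NAME;
    my $cookie_name = $copts{name};

    my $jar = $self->get_cookie_jar(); # result might be undef

    my ($sid, $valid_sig, $cookie) = ();
    my $sig = qq{};

    if (defined $jar) {
        DEBUG "looking for cookie name '$cookie_name'";
        $cookie = $jar->cookies($cookie_name);

        if ($cookie) {
            DEBUG "found cookie named '$cookie_name'";
            my ($read_sid, $read_sig) = $cookie->value();
            $sid = $read_sid;
            # A cookie with only one value leaves $sig as the empty string,
            # which then fails the signature check below.
            $sig = $read_sig if defined $read_sig;
        }
        else {
            DEBUG "found no valid cookie named '$cookie_name'";
        }

        # NOTE(review): at DEBUG level this writes the session id together
        # with its signature to the log.  The pair is a replayable session
        # credential, so debug logs from this module need the same protection
        # as the session store.
        DEBUG sub { Dump({
            sid_from_cookie => $sid,
            sig_from_cookie => $sig,
        }) };
    }

    if (defined $sid) {
        # if the session_id does not pass signature, return nothing
        $valid_sig = $self->signature($sid);

        # Compare without stopping at the first differing character, so the
        # time taken does not reveal how much of a guessed signature matched.
        # Only the length is checked up front; the length of a signature is
        # not secret.
        my $sig_ok = length($valid_sig) == length($sig);
        if ($sig_ok) {
            my $delta = 0;
            $delta |= ord(substr $valid_sig, $_, 1) ^ ord(substr $sig, $_, 1)
                for 0 .. length($valid_sig) - 1;
            $sig_ok = $delta == 0;
        }

        if (!$sig_ok) {
            WARN "signature validation failed";
            return;
        }
    }

    # Save the signature that was just verified for this handler stage.
    # (Only the signature is kept; the Apache2::Cookie object is not stored.)
    $self->{session_valid_sig} = $valid_sig;

    return $sid;
}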
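# Send the session cookie for $session_id and record the id in pnotes.
#
# The cookie value is the pair (session id, signature of that id).  The cookie
# name comes from the 'name' key of the A2C_Session_Cookie_Opts directive,
# falling back to $DEFAULT_COOKIE_NAME.  Every other key of that directive is
# called as a setter method on the Apache2::Cookie object.
#
# After baking the cookie, stores the id in $r->pnotes->{a2c}{session_id}.
# Returns nothing.
sub set_session_id {
    my ($self, $session_id) = @_;

    # NOTE(review): this logs the raw session id at DEBUG level; treat debug
    # logs from this module as sensitive.
    DEBUG("Setting session_id '$session_id'");
    my $r = $self->{r};

    my %opts = %{ $self->get_directive('A2C_Session_Cookie_Opts') || { } };
    $opts{name} ||= $DEFAULT_COOKIE_NAME;
    DEBUG(sub {"Creating session cookie with opts:\n".Dump(\%opts)});
    my $name = delete $opts{name};

    # Always sign the id that is actually being set.  The value cached in
    # $self->{session_valid_sig} was computed for the id read from the incoming
    # cookie, which need not be the id passed here (for example when a new
    # session id was issued).  Reusing it would bake a cookie that fails
    # validation on the next request.  signature() has to be repeatable for a
    # given id, since get_session_id validates by recomputing it, so
    # recomputing yields the same value whenever the ids do match.
    my $signature = $self->signature($session_id);

    my $cookie = Apache2::Cookie->new(
        $r,
        -name  => $name,
        -value => [ $session_id, $signature ],
    );

    # Each remaining option key is invoked as a method of the cookie object.
    # Nothing here sets transport or script-access restrictions by default, so
    # flags such as 'secure' and 'httponly' (if the installed Apache2::Cookie
    # supports them) must be supplied through A2C_Session_Cookie_Opts.
    $cookie->$_($opts{$_}) for keys %opts;

    DEBUG("baking cookie '$cookie'");
    $cookie->bake($r);

    DEBUG('setting in pnotes');
    $r->pnotes->{a2c}{session_id} = $session_id;

    DEBUG("done setting session_id");
    return;
}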
1; # End of Apache2::Controller::Session::Cookie