Code Index:

package HTTP::Session::State::URI
__END__
EOF

NAME

HTTP::Session::State::URI - embed session id to uri

SYNOPSIS

    HTTP::Session->new(
        state => HTTP::Session::State::URI->new(
            session_id_name => 'foo_sid',
        ),
        store => ...,
        request => ...,
    );

DESCRIPTION

This state module embeds session id to uri.

NOTE: This module doesn't support PSGI's $env for request.

CONFIGURATION

session_id_name

You can set the session id name.

    default: sid

METHODS

html_filter($session_id, $html): HTML filter
redirect_filter($session_id, $url): redirect filter
get_session_id
response_filter: for internal use only

WARNINGS

URI sessions are very prone to session hijacking problems.

package HTTP::Session::State::URI; use strict; use HTTP::Session::State::Base; use HTML::StickyQuery; use HTTP::Session::State::Mixin::ResponseFilter qw/response_filter/; __PACKAGE__->mk_ro_accessors(qw/session_id_name/); sub new { my $class = shift; my %args = ref($_[0]) ? %{$_[0]} : @_; # set default values $args{session_id_name} ||= 'sid'; bless {%args}, $class; } sub get_session_id { my ($self, $req) = @_; Carp::croak "missing req" unless $req; $req->param($self->session_id_name); # hmm... this is not support psgi. } sub html_filter { my ($self, $session_id, $html) = @_; Carp::croak "missing session_id" unless $session_id; my $session_id_name = $self->session_id_name; $html =~ s{(<form\s*.*?>)}{$1\n<input type="hidden" name="$session_id_name" value="$session_id" />}isg; my $sticky = HTML::StickyQuery->new; return $sticky->sticky( scalarref => \$html, param => { $session_id_name => $session_id }, ); } sub redirect_filter { my ( $self, $session_id, $path ) = @_; Carp::croak "missing session_id" unless $session_id; my $uri = URI->new($path); $uri->query_form( $uri->query_form, $self->session_id_name => $session_id ); return $uri->as_string; } 1; __END__