
Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer

Authors

       •   Alex Kapranoff <kappa@cpan.org>

       •   Alex Sukria <sukria@cpan.org>

       •   David Golden <dagolden@cpan.org>

       •   Yanick Champoux <yanick@cpan.org>

Configuration

       The setting session should be set to "cookie" in order to use this session engine in a Dancer
       application. See Dancer::Config.

       Another setting is also required: session_cookie_key, which should contain a random string of at least 16
       characters.  It is the secret protecting the AES-CBC encryption of the cookie, so it should come from a
       cryptographically secure random source; shorter or guessable keys weaken the encryption.

       The optional session_expires setting sets the lifetime of the cookie.  If it's not present, the cookie
       carries no expiration value, i.e. it is a browser session cookie that lasts until the browser is closed.

       Here is an example configuration to use in your config.yml:

           session: "cookie"
           session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"
           session_expires: 1 hour

       Anyone who obtains session_cookie_key can decrypt every session cookie (disclosing session data to
       clients, proxies or eavesdroppers) and can also forge cookies with arbitrary session data, for example to
       impersonate another user.  So, your config.yml should be kept at least as secure as your database
       passwords, if not more so.

       Changing session_cookie_key immediately invalidates all sessions issued under the old value of the key,
       since their cookies no longer pass the integrity check.

       session_cookie_path can be used to control the path of the session cookie.  The default is "/".

       The global session_secure setting is honored and a secure (https only) cookie will be used if set.

Dependency

       This module depends on Session::Storage::Secure.  Legacy support is provided using Crypt::CBC,
       Crypt::Rijndael, String::CRC32, Storable and MIME::Base64.

Description

       This module implements a session engine for sessions stored entirely in cookies.  Usually only the
       session ID is stored in a cookie and the session data itself is saved in some external storage, e.g. a
       database.  This module allows you to avoid using external storage at all.

       Since a server cannot trust any data returned by clients in cookies, this module uses cryptography to
       ensure integrity and also secrecy.  The data your application stores in sessions is protected from both
       tampering and analysis on the client side: a client can neither read the session contents nor alter
       them without the cookie being rejected.  Note that a client can still present an old but valid cookie;
       because there is no server-side record of sessions, an individual session cannot be revoked other than
       by letting it expire or by changing session_cookie_key (which invalidates all sessions).

       Do be aware that browsers limit the size of individual cookies, so this method is not suitable if you
       wish to store a large amount of data.  Browsers typically limit the size of a cookie to 4KB, but that
       includes the space taken to store the cookie's name, expiration and other attributes as well as its
       content.
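       The following script is an added example, not part of Dancer::Session::Cookie.  It generates a
       session_cookie_key of the strength the Configuration section asks for, then uses the module's
       dependency Session::Storage::Secure directly to show the guarantees described above: the server
       can decode the cookie, a client-side edit is rejected, a cookie issued under a rotated key is
       rejected, and the encoded size can be compared against the browser limit.  It assumes a Unix-like
       system with /dev/urandom and that Session::Storage::Secure is installed; the session data is
       constructed sample data.

```perl
#!/usr/bin/env perl
# Added example: not code from Dancer::Session::Cookie itself.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);
use Session::Storage::Secure;   # the backend Dancer::Session::Cookie depends on

# 1. A key fit for config.yml: 32 bytes from the OS CSPRNG, base64-encoded
#    (44 printable characters, well above the 16-character minimum).
#    Assumes a Unix-like /dev/urandom.
sub generate_cookie_key {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read $fh, my $raw, 32;
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    close $fh;
    return encode_base64( $raw, '' );    # '' = no line breaks
}

my $key = generate_cookie_key();
print "session_cookie_key: \"$key\"\n";

# 2. Encode session data the way the cookie backend does, with a one-hour
#    lifetime (the equivalent of session_expires: 1 hour).
my $store = Session::Storage::Secure->new(
    secret_key       => $key,
    default_duration => 3600,
);
my %session = ( user_id => 42, role => 'editor' );    # constructed sample data
my $cookie  = $store->encode( \%session );
print "cookie value:  $cookie\n";
print "cookie length: ", length($cookie), " bytes (browsers cap a cookie near 4KB)\n";

# 3. The server holding the key reads it back...
my $ok = $store->decode($cookie);
print "decoded user_id=$ok->{user_id} role=$ok->{role}\n";

# 4. ...but a client who changes even one character fails the integrity
#    check and gets no session at all (decode returns undef).
my $tampered = $cookie;
my $c = substr( $cookie, 10, 1 );
substr( $tampered, 10, 1 ) = ( $c eq 'A' ? 'B' : 'A' );
my $bad = $store->decode($tampered);
print "tampered cookie decodes to: ", ( defined $bad ? 'DATA (unexpected!)' : 'undef' ), "\n";

# 5. Rotating session_cookie_key rejects every cookie issued under the old key.
my $rotated = Session::Storage::Secure->new( secret_key => generate_cookie_key() );
my $stale   = $rotated->decode($cookie);
print "old cookie under new key: ", ( defined $stale ? 'DATA (unexpected!)' : 'undef' ), "\n";
```

       Run it once and paste the printed key into config.yml; never commit that file with a real key, and
       treat a key that has ever been exposed as compromised (rotate it, accepting that all current
       sessions are logged out).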

Name

       Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer

See Also

       See Dancer::Session for details about session usage in route handlers.

       See Plack::Middleware::Session::Cookie, Catalyst::Plugin::CookiedSession and "session" in
       Mojolicious::Controller for alternative implementations of this mechanism.

Synopsis

       Your config.yml:

           session: "cookie"
           session_cookie_key: "this random key IS NOT very random"

Version

       version 0.30
