Catalyst-Plugin-Session-State-Cookie-0.18/000755 000000 000000 00000000000 13721740130 020465 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/README000644 000000 000000 00000012142 13721740130 021345 0ustar00rootwheel000000 000000 NAME Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies. SYNOPSIS use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/; DESCRIPTION In order for Catalyst::Plugin::Session to work the session ID needs to be stored on the client, and the session data needs to be stored on the server. This plugin stores the session ID on the client using the cookie mechanism. METHODS make_session_cookie Returns a hash reference with the default values for new cookies. update_session_cookie $hash_ref Sets the cookie based on "cookie_name" in the response object. calc_expiry calculate_session_cookie_expires cookie_is_rejecting delete_session_id extend_session_id get_session_cookie get_session_id set_session_id EXTENDED METHODS prepare_cookies Will restore if an appropriate cookie is found. finalize_cookies Will set a cookie called "session" if it doesn't exist or if its value is not the current session id. setup_session Will set the "cookie_name" parameter to its default value if it isn't set. CONFIGURATION cookie_name The name of the cookie to store (defaults to "Catalyst::Utils::apprefix($c) . '_session'"). cookie_domain The name of the domain to store in the cookie (defaults to current host) cookie_expires Number of seconds from now you want to elapse before cookie will expire. Set to 0 to create a session cookie, ie one which will die when the user's browser is shut down. cookie_secure If this attribute set to 0 the cookie will not have the secure flag. If this attribute set to 1 (or true for backward compatibility) - the cookie sent by the server to the client will get the secure flag that tells the browser to send this cookie back to the server only via HTTPS. If this attribute set to 2 then the cookie will get the secure flag only if the request that caused cookie generation was sent over https (this option is not good if you are mixing https and http in your application). Default value is 0. cookie_httponly If this attribute set to 0, the cookie will not have HTTPOnly flag. If this attribute set to 1, the cookie will got HTTPOnly flag that should prevent client side Javascript accessing the cookie value - this makes some sort of session hijacking attacks significantly harder. Unfortunately not all browsers support this flag (MSIE 6 SP1+, Firefox 3.0.0.6+, Opera 9.5+); if a browser is not aware of HTTPOnly the flag will be ignored. Default value is 1. Note1: Many people are confused by the name "HTTPOnly" - it does not mean that this cookie works only over HTTP and not over HTTPS. Note2: This parameter requires Catalyst::Runtime 5.80005 otherwise is skipped. cookie_samesite This attribute configures the value of the SameSite flag. If set to None, the cookie will be sent when making cross origin requests, including following links from other origins. This requires the "cookie_secure" flag to be set. If set to Lax, the cookie will not be included when embedded in or fetched from other origins, but will be included when following cross origin links. If set to Strict, the cookie will not be included for any cross origin requests, including links from different origins. Default value is "Lax". This is the default modern browsers use. Note: This parameter requires Catalyst::Runtime 5.90125 otherwise is skipped. cookie_path The path of the request url where cookie should be baked. For example, you could stick this in MyApp.pm: __PACKAGE__->config( 'Plugin::Session' => { cookie_domain => '.mydomain.com', }); CAVEATS Sessions have to be created before the first write to be saved. For example: sub action : Local { my ( $self, $c ) = @_; $c->res->write("foo"); $c->session( ... ); ... } Will cause a session ID to not be set, because by the time a session is actually created the headers have already been sent to the client. SEE ALSO Catalyst, Catalyst::Plugin::Session. AUTHORS Yuval Kogman CONTRIBUTORS This module is derived from Catalyst::Plugin::Session::FastMmap code, and has been heavily modified since. Andrew Ford Andy Grundman Christian Hansen Marcus Ramberg Jonathan Rockway Sebastian Riedel Florian Ragwitz COPYRIGHT Copyright (c) 2005 - 2009 the Catalyst::Plugin::Session::State::Cookie "AUTHORS" and "CONTRIBUTORS" as listed above. LICENSE This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself. Catalyst-Plugin-Session-State-Cookie-0.18/Changes000644 000000 000000 00000006171 13721737771 022006 0ustar00rootwheel000000 000000 Revision history for Perl extension Catalyst::Plugin::Session::State::Cookie 0.18 - 2020-08-27 - add SameSite support (RT#133009) - convert optional test using Test::WWW::Mechanize::Catalyst to mandatory test using Catalyst::Test - convert from Module::Install to Distar for packaging and release process - fix running Makefile.PL when . is not included in @INC (RT#121882) - minor test cleanups - typo and spelling fixes in documentation - convert repository to git (fREW Schmidt) 0.17 2009-10-18 - Fixup copyright information 0.16 2009-10-16 - Use session config handling from Catalyst::Plugin::Session 0.27. 0.15 2009-10-06 - Fix the httponly option again (Closes RT##50249). - Make tests not warn with latest version of Catalyst. - Prefer session configuration to be in the 'Plugin::Session' config key, but provide backwards compatibility for the deprecated 'session' key. 0.14 2009-08-22 - Allow turning off the httponly option (Closes RT#48930). 0.13 2009-08-19 - Remove Test::MockObject from the test suite as prone to failing on some platforms and perl versions due to its UNIVERSAL:: package dependencies. - Remove Class::Accessor::Fast and replace with Moose. This allows us to not have a ->new method, This is more correct for Plugins and also means that Catalyst is not forced to invoke the scary replace_constructor at scope end handling. 0.12 2009-07-18 - Introduced a new option cookie_httponly - Option cookie_secure extended (old syntax fully supported) 0.11 2009-05-13 - Change TestApp so that the application is in t/lib, to make it easier for Catalyst to force our package to be immutable. 0.10 2009-02-08 - POD addition. - Switch from NEXT to MRO::Compat 0.09 2007-10-08 - Bump dependencies so that streaming a file also causes the cookie to be updated. - Add tests for this 0.08 2007-09-14 - Fix live test with Mech version 0.37+ - Switch to Module::Install 0.07 2007-04-04 23:10:00 - Fix the bug that caused sessions to expire immediately when another session was deleted previously in the same request cycle 0.06 2006-09-20 19:53:00 - Fix args in calls to NEXT::set_session_id and NEXT::extend_session_id 0.05 2006-08-06 20:50:00 - Add configuration of 'cookie_path' (Michael W Peterson) 0.04 - Depend on a higher version of C::P::Session 0.03 - refactored make_session_cookie to separate calc_expiry, and made that easily overloadable. - updated for the new state API (get_session_id, set_session_id, etc) 0.02 2005-12-28 13:51:00 - Fixed cookie_expires to support browser session cookies. - Renamed default cookie name from just 'session' to 'yourapp_session' to allow several applications on the same domain to exist without conflict (LTJake) 0.01 2005-11-14 12:45:00 - Initial release. Catalyst-Plugin-Session-State-Cookie-0.18/MANIFEST000644 000000 000000 00000001060 13721740130 021613 0ustar00rootwheel000000 000000 Changes lib/Catalyst/Plugin/Session/State/Cookie.pm maint/Makefile.PL.include Makefile.PL MANIFEST This list of files t/basic.t t/lib/CookieTestApp.pm t/lib/CookieTestApp/Controller/Root.pm t/live_app.t t/no_new_method.t xt/pod.t xt/podcoverage.t META.yml Module YAML meta-data (added by MakeMaker) META.json Module JSON meta-data (added by MakeMaker) README README file (added by Distar) LICENSE LICENSE file (added by Distar) Catalyst-Plugin-Session-State-Cookie-0.18/LICENSE000644 000000 000000 00000043445 13721740130 021504 0ustar00rootwheel000000 000000 Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2020 by Yuval Kogman . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2020 by Yuval Kogman . This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End Catalyst-Plugin-Session-State-Cookie-0.18/t/000755 000000 000000 00000000000 13721740126 020735 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/xt/000755 000000 000000 00000000000 13721740126 021125 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/META.yml000644 000000 000000 00000001746 13721740126 021753 0ustar00rootwheel000000 000000 --- abstract: 'Maintain session IDs using cookies.' author: - 'Yuval Kogman ' build_requires: Catalyst::Test: '0' HTTP::Cookies: '0' Test::More: '0.88' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 generated_by: 'ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Catalyst-Plugin-Session-State-Cookie no_index: directory: - t - xt requires: Catalyst: '5.80005' Catalyst::Plugin::Session: '0.27' MRO::Compat: '0' Moose: '0' namespace::autoclean: '0' resources: bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=Catalyst-Plugin-Session-State-Cookie license: http://dev.perl.org/licenses/ repository: git://git.shadowcat.co.uk/catagits/Catalyst-Plugin-Session-State-Cookie.git version: '0.18' x_authority: cpan:NUFFIN x_serialization_backend: 'CPAN::Meta::YAML version 0.018' Catalyst-Plugin-Session-State-Cookie-0.18/META.json000644 000000 000000 00000003707 13721740127 022123 0ustar00rootwheel000000 000000 { "abstract" : "Maintain session IDs using cookies.", "author" : [ "Yuval Kogman " ], "dynamic_config" : 1, "generated_by" : "ExtUtils::MakeMaker version 7.44, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Catalyst-Plugin-Session-State-Cookie", "no_index" : { "directory" : [ "t", "xt" ] }, "prereqs" : { "build" : { "requires" : {} }, "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "develop" : { "requires" : { "Test::Pod" : "1.14", "Test::Pod::Coverage" : "1.04" } }, "runtime" : { "requires" : { "Catalyst" : "5.80005", "Catalyst::Plugin::Session" : "0.27", "MRO::Compat" : "0", "Moose" : "0", "namespace::autoclean" : "0" } }, "test" : { "requires" : { "Catalyst::Test" : "0", "HTTP::Cookies" : "0", "Test::More" : "0.88" } } }, "release_status" : "stable", "resources" : { "bugtracker" : { "mailto" : "bug-Catalyst-Plugin-Session-State-Cookie@rt.cpan.org", "web" : "https://rt.cpan.org/Public/Dist/Display.html?Name=Catalyst-Plugin-Session-State-Cookie" }, "license" : [ "http://dev.perl.org/licenses/" ], "repository" : { "type" : "git", "url" : "git://git.shadowcat.co.uk/catagits/Catalyst-Plugin-Session-State-Cookie.git", "web" : "http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Plugin-Session-State-Cookie.git" } }, "version" : "0.18", "x_authority" : "cpan:NUFFIN", "x_serialization_backend" : "JSON::PP version 4.04" } Catalyst-Plugin-Session-State-Cookie-0.18/lib/000755 000000 000000 00000000000 13721740126 021240 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/maint/000755 000000 000000 00000000000 13721740126 021602 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/Makefile.PL000644 000000 000000 00000006211 13716424266 022454 0ustar00rootwheel000000 000000 use strict; use warnings FATAL => 'all'; use 5.006; my %META = ( name => 'Catalyst-Plugin-Session-State-Cookie', license => 'perl_5', prereqs => { configure => { requires => { 'ExtUtils::MakeMaker' => 0, } }, build => { requires => { } }, test => { requires => { 'Catalyst::Test' => 0, 'HTTP::Cookies' => 0, 'Test::More' => '0.88', }, }, runtime => { requires => { 'Catalyst' => '5.80005', 'Catalyst::Plugin::Session' => '0.27', 'MRO::Compat' => 0, 'Moose' => 0, 'namespace::autoclean' => 0, }, }, develop => { requires => { 'Test::Pod' => '1.14', 'Test::Pod::Coverage' => '1.04', }, }, }, resources => { repository => { url => 'git://git.shadowcat.co.uk/catagits/Catalyst-Plugin-Session-State-Cookie.git', web => 'http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Plugin-Session-State-Cookie.git', type => 'git', }, bugtracker => { web => 'https://rt.cpan.org/Public/Dist/Display.html?Name=Catalyst-Plugin-Session-State-Cookie', mailto => 'bug-Catalyst-Plugin-Session-State-Cookie@rt.cpan.org', }, license => [ 'http://dev.perl.org/licenses/' ], }, no_index => { directory => [ 't', 'xt' ] }, x_authority => 'cpan:NUFFIN', ); my %MM_ARGS = (); ## BOILERPLATE ############################################################### require ExtUtils::MakeMaker; (do './maint/Makefile.PL.include' or die $@) unless -f 'META.yml'; # have to do this since old EUMM dev releases miss the eval $VERSION line my $eumm_version = eval $ExtUtils::MakeMaker::VERSION; my $mymeta = $eumm_version >= 6.57_02; my $mymeta_broken = $mymeta && $eumm_version < 6.57_07; ($MM_ARGS{NAME} = $META{name}) =~ s/-/::/g; ($MM_ARGS{VERSION_FROM} = "lib/$MM_ARGS{NAME}.pm") =~ s{::}{/}g; $META{license} = [ $META{license} ] if $META{license} && !ref $META{license}; $MM_ARGS{LICENSE} = $META{license}[0] if $META{license} && $eumm_version >= 6.30; $MM_ARGS{NO_MYMETA} = 1 if $mymeta_broken; $MM_ARGS{META_ADD} = { 'meta-spec' => { version => 2 }, %META } unless -f 'META.yml'; $MM_ARGS{PL_FILES} ||= {}; $MM_ARGS{NORECURS} = 1 if not exists $MM_ARGS{NORECURS}; for (qw(configure build test runtime)) { my $key = $_ eq 'runtime' ? 'PREREQ_PM' : uc $_.'_REQUIRES'; my $r = $MM_ARGS{$key} = { %{$META{prereqs}{$_}{requires} || {}}, %{delete $MM_ARGS{$key} || {}}, }; defined $r->{$_} or delete $r->{$_} for keys %$r; } $MM_ARGS{MIN_PERL_VERSION} = delete $MM_ARGS{PREREQ_PM}{perl} || 0; delete $MM_ARGS{MIN_PERL_VERSION} if $eumm_version < 6.47_01; $MM_ARGS{BUILD_REQUIRES} = {%{$MM_ARGS{BUILD_REQUIRES}}, %{delete $MM_ARGS{TEST_REQUIRES}}} if $eumm_version < 6.63_03; $MM_ARGS{PREREQ_PM} = {%{$MM_ARGS{PREREQ_PM}}, %{delete $MM_ARGS{BUILD_REQUIRES}}} if $eumm_version < 6.55_01; delete $MM_ARGS{CONFIGURE_REQUIRES} if $eumm_version < 6.51_03; ExtUtils::MakeMaker::WriteMakefile(%MM_ARGS); ## END BOILERPLATE ########################################################### Catalyst-Plugin-Session-State-Cookie-0.18/maint/Makefile.PL.include000644 000000 000000 00000000250 13716146066 025202 0ustar00rootwheel000000 000000 BEGIN { -e 'Distar' or system("git clone https://github.com/p5sagit/Distar.git") } use lib 'Distar/lib'; use Distar; author 'Yuval Kogman '; Catalyst-Plugin-Session-State-Cookie-0.18/lib/Catalyst/000755 000000 000000 00000000000 13721740126 023024 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/lib/Catalyst/Plugin/000755 000000 000000 00000000000 13721740126 024262 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/lib/Catalyst/Plugin/Session/000755 000000 000000 00000000000 13721740126 025705 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/lib/Catalyst/Plugin/Session/State/000755 000000 000000 00000000000 13721740126 026765 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/lib/Catalyst/Plugin/Session/State/Cookie.pm000644 000000 000000 00000020460 13721737431 030543 0ustar00rootwheel000000 000000 package Catalyst::Plugin::Session::State::Cookie; use Moose; use namespace::autoclean; extends 'Catalyst::Plugin::Session::State'; use MRO::Compat; use Catalyst::Utils (); our $VERSION = '0.18'; $VERSION =~ tr/_//d; has _deleted_session_id => ( is => 'rw' ); sub setup_session { my $c = shift; $c->maybe::next::method(@_); $c->_session_plugin_config->{cookie_name} ||= Catalyst::Utils::appprefix($c) . '_session'; } sub extend_session_id { my ( $c, $sid, $expires ) = @_; if ( my $cookie = $c->get_session_cookie ) { $c->update_session_cookie( $c->make_session_cookie( $sid ) ); } $c->maybe::next::method( $sid, $expires ); } sub set_session_id { my ( $c, $sid ) = @_; $c->update_session_cookie( $c->make_session_cookie( $sid ) ); return $c->maybe::next::method($sid); } sub update_session_cookie { my ( $c, $updated ) = @_; unless ( $c->cookie_is_rejecting( $updated ) ) { my $cookie_name = $c->_session_plugin_config->{cookie_name}; $c->response->cookies->{$cookie_name} = $updated; } } sub cookie_is_rejecting { my ( $c, $cookie ) = @_; if ( $cookie->{path} ) { return 1 if index '/'.$c->request->path, $cookie->{path}; } return 0; } sub make_session_cookie { my ( $c, $sid, %attrs ) = @_; my $cfg = $c->_session_plugin_config; my $cookie = { value => $sid, ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ), ( $cfg->{cookie_path} ? ( path => $cfg->{cookie_path} ) : () ), %attrs, }; unless ( exists $cookie->{expires} ) { $cookie->{expires} = $c->calculate_session_cookie_expires(); } #beware: we have to accept also the old syntax "cookie_secure = true" my $sec = $cfg->{cookie_secure} || 0; # default = 0 (not set) $cookie->{secure} = 1 unless ( ($sec==0) || ($sec==2) ); $cookie->{secure} = 1 if ( ($sec==2) && $c->req->secure ); $cookie->{httponly} = $cfg->{cookie_httponly}; $cookie->{httponly} = 1 unless defined $cookie->{httponly}; # default = 1 (set httponly) $cookie->{samesite} = $cfg->{cookie_samesite}; $cookie->{samesite} = "Lax" unless defined $cookie->{ samesite}; # default = Lax return $cookie; } sub calc_expiry { # compat my $c = shift; $c->maybe::next::method( @_ ) || $c->calculate_session_cookie_expires( @_ ); } sub calculate_session_cookie_expires { my $c = shift; my $cfg = $c->_session_plugin_config; my $value = $c->maybe::next::method(@_); return $value if $value; if ( exists $cfg->{cookie_expires} ) { if ( $cfg->{cookie_expires} > 0 ) { return time() + $cfg->{cookie_expires}; } else { return undef; } } else { return $c->session_expires; } } sub get_session_cookie { my $c = shift; my $cookie_name = $c->_session_plugin_config->{cookie_name}; return $c->request->cookies->{$cookie_name}; } sub get_session_id { my $c = shift; if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) { my $sid = $cookie->value; $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug; return $sid if $sid; } $c->maybe::next::method(@_); } sub delete_session_id { my ( $c, $sid ) = @_; $c->_deleted_session_id(1); # to prevent get_session_id from returning it $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) ); $c->maybe::next::method($sid); } 1; __END__ =head1 NAME Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies. =head1 SYNOPSIS use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/; =head1 DESCRIPTION In order for L to work the session ID needs to be stored on the client, and the session data needs to be stored on the server. This plugin stores the session ID on the client using the cookie mechanism. =head1 METHODS =over 4 =item make_session_cookie Returns a hash reference with the default values for new cookies. =item update_session_cookie $hash_ref Sets the cookie based on C in the response object. =item calc_expiry =item calculate_session_cookie_expires =item cookie_is_rejecting =item delete_session_id =item extend_session_id =item get_session_cookie =item get_session_id =item set_session_id =back =head1 EXTENDED METHODS =over 4 =item prepare_cookies Will restore if an appropriate cookie is found. =item finalize_cookies Will set a cookie called C if it doesn't exist or if its value is not the current session id. =item setup_session Will set the C parameter to its default value if it isn't set. =back =head1 CONFIGURATION =over 4 =item cookie_name The name of the cookie to store (defaults to C). =item cookie_domain The name of the domain to store in the cookie (defaults to current host) =item cookie_expires Number of seconds from now you want to elapse before cookie will expire. Set to 0 to create a session cookie, ie one which will die when the user's browser is shut down. =item cookie_secure If this attribute B the cookie will not have the secure flag. If this attribute B (or true for backward compatibility) - the cookie sent by the server to the client will get the secure flag that tells the browser to send this cookie back to the server only via HTTPS. If this attribute B then the cookie will get the secure flag only if the request that caused cookie generation was sent over https (this option is not good if you are mixing https and http in your application). Default value is 0. =item cookie_httponly If this attribute B, the cookie will not have HTTPOnly flag. If this attribute B, the cookie will got HTTPOnly flag that should prevent client side Javascript accessing the cookie value - this makes some sort of session hijacking attacks significantly harder. Unfortunately not all browsers support this flag (MSIE 6 SP1+, Firefox 3.0.0.6+, Opera 9.5+); if a browser is not aware of HTTPOnly the flag will be ignored. Default value is 1. Note1: Many people are confused by the name "HTTPOnly" - it B that this cookie works only over HTTP and not over HTTPS. Note2: This parameter requires Catalyst::Runtime 5.80005 otherwise is skipped. =item cookie_samesite This attribute configures the value of the L flag. If set to None, the cookie will be sent when making cross origin requests, including following links from other origins. This requires the L flag to be set. If set to Lax, the cookie will not be included when embedded in or fetched from other origins, but will be included when following cross origin links. If set to Strict, the cookie will not be included for any cross origin requests, including links from different origins. Default value is C. This is the default modern browsers use. Note: This parameter requires Catalyst::Runtime 5.90125 otherwise is skipped. =item cookie_path The path of the request url where cookie should be baked. =back For example, you could stick this in MyApp.pm: __PACKAGE__->config( 'Plugin::Session' => { cookie_domain => '.mydomain.com', }); =head1 CAVEATS Sessions have to be created before the first write to be saved. For example: sub action : Local { my ( $self, $c ) = @_; $c->res->write("foo"); $c->session( ... ); ... } Will cause a session ID to not be set, because by the time a session is actually created the headers have already been sent to the client. =head1 SEE ALSO L, L. =head1 AUTHORS Yuval Kogman =head1 CONTRIBUTORS This module is derived from L code, and has been heavily modified since. Andrew Ford Andy Grundman Christian Hansen Marcus Ramberg Jonathan Rockway Sebastian Riedel Florian Ragwitz =head1 COPYRIGHT Copyright (c) 2005 - 2009 the Catalyst::Plugin::Session::State::Cookie L and L as listed above. =head1 LICENSE This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself. =cut Catalyst-Plugin-Session-State-Cookie-0.18/xt/pod.t000644 000000 000000 00000000122 13716146066 022076 0ustar00rootwheel000000 000000 use strict; use warnings; use Test::More; use Test::Pod 1.14; all_pod_files_ok(); Catalyst-Plugin-Session-State-Cookie-0.18/xt/podcoverage.t000644 000000 000000 00000000140 13716146066 023612 0ustar00rootwheel000000 000000 use strict; use warnings; use Test::More; use Test::Pod::Coverage 1.04; all_pod_coverage_ok(); Catalyst-Plugin-Session-State-Cookie-0.18/t/basic.t000644 000000 000000 00000005343 13716425035 022213 0ustar00rootwheel000000 000000 use strict; use warnings; use Test::More tests => 13; use Catalyst::Plugin::Session; my $m; BEGIN { use_ok( $m = "Catalyst::Plugin::Session::State::Cookie" ) } my $cookie_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] ); my $cookie = $cookie_meta->name->new; $cookie_meta->add_method( value => sub { "the session id" } ); my $req_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] ); my %req_cookies; $req_meta->add_method( cookies => sub { \%req_cookies } ); my $req = $req_meta->name->new; my $res_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] ); my %res_cookies; my $cookies_called = 0; $res_meta->add_method( cookies => sub { $cookies_called++; \%res_cookies }); my $res = $res_meta->name->new; my $cxt_meta = Class::MOP::Class->create_anon_class( superclasses => [qw/ Catalyst::Plugin::Session Catalyst::Plugin::Session::State::Cookie Moose::Object /], ); my $config = {}; $cxt_meta->add_method( config => sub { $config }); $cxt_meta->add_method( request => sub { $req }); $cxt_meta->add_method( response => sub { $res }); $cxt_meta->add_method( session => sub { { } } ); $cxt_meta->add_method( session_expires => sub { 123 }); $cxt_meta->add_method("debug" => sub { 0 }); my $sessionid; $cxt_meta->add_method( sessionid => sub { shift; $sessionid = shift if @_; $sessionid } ); can_ok( $m, "setup_session" ); my $cxt = $cxt_meta->name->new; $cxt->setup_session; like( $config->{'Plugin::Session'}{cookie_name}, qr/_session$/, "default cookie name is set" ); $config->{'Plugin::Session'}{cookie_name} = "session"; can_ok( $m, "get_session_id" ); ok( !$cxt->get_session_id, "no session id yet"); $cxt = $cxt_meta->name->new; %req_cookies = ( session => $cookie ); is( $cxt->get_session_id, "the session id", "session ID was restored from cookie" ); $cxt_meta->name->new; %res_cookies = (); can_ok( $m, "set_session_id" ); $cxt->set_session_id("moose"); ok( $cookies_called, "created a cookie on set" ); $cookies_called = 0; $cxt_meta->name->new; %res_cookies = (); $cxt->set_session_id($sessionid); ok( $cookies_called, "response cookie was set when sessionid changed" ); is_deeply( \%res_cookies, { session => { value => $sessionid, httponly => 1, expires => 123, samesite => 'Lax', }, }, "cookie was set correctly" ); $cxt_meta->name->new; can_ok( $m, "cookie_is_rejecting" ); %req_cookies = ( path => '/foo' ); my $path = ''; $req_meta->add_method( path => sub { $path } ); ok( $cxt->cookie_is_rejecting(\%req_cookies), "cookie is rejecting" ); $path = 'foo/bar'; ok( !$cxt->cookie_is_rejecting(\%req_cookies), "cookie is not rejecting" ); Catalyst-Plugin-Session-State-Cookie-0.18/t/no_new_method.t000644 000000 000000 00000000260 13715175620 023751 0ustar00rootwheel000000 000000 use strict; use warnings; use Test::More tests => 1; use Catalyst::Plugin::Session::State::Cookie; ok !Catalyst::Plugin::Session::State::Cookie->can('new'), 'No new method'; Catalyst-Plugin-Session-State-Cookie-0.18/t/lib/000755 000000 000000 00000000000 13721740126 021503 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/t/live_app.t000644 000000 000000 00000004450 13716424040 022722 0ustar00rootwheel000000 000000 use strict; use warnings; use FindBin qw/$Bin/; use lib "$Bin/lib"; use Test::More; use HTTP::Cookies; use Catalyst::Utils (); use Catalyst::Test qw(CookieTestApp); my $jar = HTTP::Cookies->new; my %cookie; my $get = sub { my $url = shift; my $req = Catalyst::Utils::request($url); $jar->add_cookie_header($req); my $res = request($req); $jar->extract_cookies($res); $jar->scan( sub { if ($_[1] eq 'cookietestapp_session') { @cookie{qw( version key val path domain port path_spec secure expires discard hash )} = @_; } } ); return $res; }; my $res; $res = $get->('/stream'); ok $res->is_success, 'get page'; like $res->content, qr/hit number 1/, 'session data created'; my $expired = $cookie{expires}; $res = $get->('/page'); ok $res->is_success, 'get page'; like $res->content, qr/hit number 2/, 'session data restored'; $res = $get->('/page'); ok $res->is_success, 'get page'; like $res->content, qr/hit number 3/, 'session data restored'; sleep 1; $res = $get->('/page'); ok $res->is_success, 'get page'; like $res->content, qr/hit number 4/, 'session data restored'; cmp_ok $expired, '<', $cookie{expires}, 'cookie expiration was extended'; $expired = $cookie{expires}; $res = $get->('/page'); ok $res->is_success, 'get page'; like $res->content, qr/hit number 5/, 'session data restored'; sleep 1; $res = $get->('/stream'); ok $res->is_success, 'get stream'; like $res->content, qr/hit number 6/, 'session data restored'; cmp_ok $expired, '<', $cookie{expires}, 'streaming also extends cookie'; $res = $get->('/deleteme'); ok $res->is_success, 'get page'; is $res->content, '1', 'session id changed'; $res = $get->('https://localhost/page'); ok $res->is_success, 'get page over HTTPS - init session'; like $res->content, qr/hit number 1/, 'first hit'; $res = $get->('http://localhost/page'); ok $res->is_success, 'get page again over HTTP'; like $res->content, qr/hit number 1/, 'first hit again - cookie not sent'; $res = $get->('https://localhost/page'); ok $res->is_success, 'get page over HTTPS'; like $res->content, qr/hit number 2/, 'second hit'; done_testing; Catalyst-Plugin-Session-State-Cookie-0.18/t/lib/CookieTestApp/000755 000000 000000 00000000000 13721740126 024215 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/t/lib/CookieTestApp.pm000644 000000 000000 00000000412 13715175620 024554 0ustar00rootwheel000000 000000 package # Hide from PAUSE CookieTestApp; use strict; use warnings; use base qw/Catalyst/; use Catalyst qw/ Session Session::Store::Dummy Session::State::Cookie /; __PACKAGE__->config('Plugin::Session' => { cookie_secure => 2 }); __PACKAGE__->setup; 1; Catalyst-Plugin-Session-State-Cookie-0.18/t/lib/CookieTestApp/Controller/000755 000000 000000 00000000000 13721740126 026340 5ustar00rootwheel000000 000000 Catalyst-Plugin-Session-State-Cookie-0.18/t/lib/CookieTestApp/Controller/Root.pm000644 000000 000000 00000001161 13715175620 027624 0ustar00rootwheel000000 000000 package # PAUSE HIDE CookieTestApp::Controller::Root; use strict; use warnings; use base qw/Catalyst::Controller/; __PACKAGE__->config( namespace => '' ); sub page : Local { my ( $self, $c ) = @_; $c->res->body( "Hi! hit number " . ++$c->session->{counter} ); } sub stream : Local { my ( $self, $c ) = @_; my $count = ++$c->session->{counter}; $c->res->write("hit number "); $c->res->write($count); } sub deleteme : Local { my ( $self, $c ) = @_; my $id = $c->get_session_id; $c->delete_session; my $id2 = $c->get_session_id; $c->res->body( $id ne ( $id2 || '' ) ); } 1;