libplack-middleware-session-perl 0.30-2 / usr / share / perl5 / Plack / Middleware / Session.pm

This file is indexed.

/usr/share/perl5/Plack/Middleware/Session.pm is in libplack-middleware-session-perl 0.30-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
package Plack::Middleware::Session;
use strict;
use warnings;

our $VERSION   = '0.30';
our $AUTHORITY = 'cpan:STEVAN';

use Plack::Util;
use Scalar::Util;
use Plack::Session::Cleanup;

use parent 'Plack::Middleware';

use Plack::Util::Accessor qw(
    state
    store
);

sub prepare_app {
    my $self = shift;

    $self->state( 'Cookie' ) unless $self->state;
    $self->state( $self->inflate_backend('Plack::Session::State', $self->state) );
    $self->store( $self->inflate_backend('Plack::Session::Store', $self->store) );
}

sub inflate_backend {
    my($self, $prefix, $backend) = @_;

    return $backend if defined $backend && Scalar::Util::blessed $backend;

    my @class;
    push @class, $backend if defined $backend; # undef means the root class
    push @class, $prefix;

    Plack::Util::load_class(@class)->new();
}

sub call {
    my $self = shift;
    my $env  = shift;

    my($id, $session) = $self->get_session($env);
    if ($id && $session) {
        $env->{'psgix.session'} = $session;
    } else {
        $id = $self->generate_id($env);
        $env->{'psgix.session'} = {};
    }

    $env->{'psgix.session.options'} = { id => $id };

    my $res = $self->app->($env);
    $self->response_cb($res, sub { $self->finalize($env, $_[0]) });
}

sub get_session {
    my($self, $env) = @_;

    my $id = $self->state->extract($env)   or return;
    my $session = $self->store->fetch($id) or return;

    return ($id, $session);
}

sub generate_id {
    my($self, $env) = @_;
    $self->state->generate($env);
}

sub commit {
    my($self, $env) = @_;

    my $session = $env->{'psgix.session'};
    my $options = $env->{'psgix.session.options'};

    my $end = sub {
        return if $options->{no_store};
        $self->store->store($options->{id}, $session);
    };

    if (not $options->{late_store}) {
        $end->();
    } elsif ($env->{'psgix.cleanup'}) {
        push @{$env->{'psgix.cleanup.handlers'}}, $end;
    } else {
        $env->{'psgix.session.cleanup'}
            = Plack::Session::Cleanup->new($end);
    }
}

sub finalize {
    my($self, $env, $res) = @_;

    my $session = $env->{'psgix.session'};
    my $options = $env->{'psgix.session.options'};

    if ($options->{expire}) {
        $self->expire_session($options->{id}, $res, $env);
    } else {
        $self->change_id($env) if $options->{change_id};
        $self->commit($env);
        $self->save_state($options->{id}, $res, $env);
    }
}

sub change_id {
    my($self, $env) = @_;

    my $options = $env->{'psgix.session.options'};

    $self->store->remove($options->{id});
    $options->{id} = $self->generate_id($env);
}

sub expire_session {
    my($self, $id, $res, $env) = @_;
    $self->store->remove($id);
    $self->state->expire_session_id($id, $res, $env->{'psgix.session.options'});
}

sub save_state {
    my($self, $id, $res, $env) = @_;
    $self->state->finalize($id, $res, $env->{'psgix.session.options'});
}

1;

__END__

=pod

=head1 NAME

Plack::Middleware::Session - Middleware for session management

=head1 SYNOPSIS

  use Plack::Builder;

  my $app = sub {
      my $env = shift;
      my $session = $env->{'psgix.session'};
      return [
          200,
          [ 'Content-Type' => 'text/plain' ],
          [ "Hello, you've been here for ", $session->{counter}++, "th time!" ],
      ];
  };

  builder {
      enable 'Session';
      $app;
  };

  # Or, use the File store backend (great if you use multiprocess server)
  # For more options, see perldoc Plack::Session::Store::File
  builder {
      enable 'Session', store => 'File';
      $app;
  };

=head1 DESCRIPTION

This is a Plack Middleware component for session management. By
default it will use cookies to keep session state and store data in
memory. This distribution also comes with other state and store
solutions. See perldoc for these backends how to use them.

It should be noted that we store the current session as a hash
reference in the C<psgix.session> key inside the C<$env> where you can
access it as needed.

B<NOTE:> As of version 0.04 the session is stored in C<psgix.session>
instead of C<plack.session>.

=head2 State

=over 4

=item L<Plack::Session::State>

This will maintain session state by passing the session through
the request params. It does not do this automatically though,
you are responsible for passing the session param.

=item L<Plack::Session::State::Cookie>

This will maintain session state using browser cookies.

=back

=head2 Store

=over 4

=item L<Plack::Session::Store>

This is your basic in-memory session data store. It is volatile storage
and not recommended for multiprocessing environments. However it is
very useful for development and testing.

=item L<Plack::Session::Store::File>

This will persist session data in a file. By default it uses
L<Storable> but it can be configured to have a custom serializer and
deserializer.

=item L<Plack::Session::Store::Cache>

This will persist session data using the L<Cache> interface.

=item L<Plack::Session::Store::Null>

Sometimes you don't care about storing session data, in that case
you can use this noop module.

=back

=head1 OPTIONS

The following are options that can be passed to this module.

=over 4

=item I<state>

This is expected to be an instance of L<Plack::Session::State> or an
object that implements the same interface. If no option is provided
the default L<Plack::Session::State::Cookie> will be used.

=item I<store>

This is expected to be an instance of L<Plack::Session::Store> or an
object that implements the same interface. If no option is provided
the default L<Plack::Session::Store> will be used.

It should be noted that this default is an in-memory volatile store
is only suitable for development (or single process servers). For a
more robust solution see L<Plack::Session::Store::File> or
L<Plack::Session::Store::Cache>.

=back

=head1 PLACK REQUEST OPTIONS

In addition to providing a C<psgix.session> key in C<$env> for
persistent session information, this module also provides a
C<psgix.session.options> key which can be used to control the behavior
of the module per-request.  The following sub-keys exist:

=over

=item I<change_id>

If set to a true value, forces the session identifier to change.  This
should always be done after logging in, to prevent session fixation
attacks from subdomains; see
L<http://en.wikipedia.org/wiki/Session_fixation#Attacks_using_cross-subdomain_cooking>

=item I<expire>

If set to a true value, expunges the session from the store, and clears
the state in the client.

=item I<no_store>

If set to a true value, no changes made to the session in this request
will be saved to the store.  Either L</expire> and I</change_id> take
precedence over this, as both need to update the session store.

=item I<late_store>

If set to a true value, the session will be saved at the I<end> of the
request, after all data has been sent to the client -- this may be
required if streaming responses attempt to alter the session after the
header has already been sent to the client.  Note, however, that it
introduces a possible race condition, where the server attempts to store
the updated session before the client makes the next request.  For
redirects, or other responses on which the client needs do minimal
processing before making a second request, this race is quite possible
to win -- causing the second request to obtain stale session data.

=item I<id>

This key contains the session identifier of the session.  It should be
considered read-only; to generate a new identifier, use L</change_id>.

=back

=head1 BUGS

All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug
to cpan-RT.

=head1 AUTHOR

Tatsuhiko Miyagawa

Stevan Little E<lt>stevan.little@iinteractive.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright 2009, 2010 Infinity Interactive, Inc.

L<http://www.iinteractive.com>

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut

APT Browse - Built by Thomas Orozco.