[Melbourne-pm] An article on session storage in perl weekly newsletter

Ben Vinnerd ben at vinnerd.com
Tue Feb 18 00:44:51 PST 2014


On 18 February 2014 01:53, Toby Corkindale <toby.corkindale at strategicdata.com.au> wrote:

> You get somewhat better quality modules if you use one of the Perl web
> stacks, Dancer, Catalyst, etc. However, even the standard session stores
> for Catalyst::Session::Store (File and DBI/DBIC) don't do automatic expiry
> as far as I can tell. (I didn't investigate Dancer or Mojolicious)
>

You should have investigated Mojo :)

It uses client-based sessions, so the session data is stored on the client
encrypted and signed to prevent tampering. No database required.

http://mojolicio.us/perldoc/Mojolicious/Guides/Growing#Sessions

You can expire a session as you would usually by setting the cookie's
expires attribute. Can be modified by the client, but you encode the expiry
date in the session too (encrypted and signed, remember), or you could even
change the "secret" in the application every so often to make it even more
secure.

Whether you trust it or not is a different matter though.

Ben
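
An added example (not part of Ben's message and not Mojolicious's own code) of the signed-expiry idea described above: the expiry travels inside the HMAC-signed payload, so editing it is detected, and verification takes a list of secrets so the secret can be rotated. The cookie layout, function names and sample values are assumptions made for illustration, and the payload here is signed but not encrypted.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP;

my $json = JSON::PP->new->utf8->canonical;

# Put the expiry inside the payload, then append an HMAC-SHA256 tag over it.
sub seal_session {
    my ($data, $ttl, $secret, $now) = @_;
    my $payload = encode_base64url($json->encode({ %$data, expires => $now + $ttl }));
    return $payload . '--' . hmac_sha256_hex($payload, $secret);
}

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Return the session hash, or nothing if the tag matches no current secret or
# the signed expiry has passed. The cookie's Expires attribute is never consulted.
sub open_session {
    my ($cookie, $secrets, $now) = @_;
    my ($payload, $tag) = ($cookie // '') =~ /\A([A-Za-z0-9_-]+)--([0-9a-f]{64})\z/ or return;
    return unless grep { secure_eq($tag, hmac_sha256_hex($payload, $_)) } @$secrets;
    my $data = eval { $json->decode(decode_base64url($payload)) };
    return unless ref($data) eq 'HASH' && ($data->{expires} // 0) > $now;
    return $data;
}

# Constructed sample values, not taken from any real application.
my $now     = 1_392_712_000;
my @secrets = ('new-secret', 'old-secret');    # assumed convention: newest first
my $cookie  = seal_session({ user => 'alice' }, 3600, 'old-secret', $now);
my ($tag)   = $cookie =~ /--(.+)\z/;
my $forged  = encode_base64url($json->encode({ user => 'alice', expires => $now + 10**6 })) . "--$tag";
for my $c (
    [ 'fresh',          $cookie, \@secrets,        $now + 60 ],
    [ 'expired',        $cookie, \@secrets,        $now + 7200 ],
    [ 'expiry edited',  $forged, \@secrets,        $now + 7200 ],
    [ 'secret retired', $cookie, ['newer-secret'], $now + 60 ],
) {
    my ($label, @args) = @$c;
    printf "%-15s %s\n", $label, open_session(@args) ? 'accepted' : 'rejected';
}
```

Only the first case is accepted; dropping `old-secret` from the list invalidates every session signed with it at once.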