如何设置由Plack :: Middleware :: Session管理的cookie的到期时间? [英] How to set the expiration time for a cookie managed by Plack::Middleware::Session?
问题描述
现在我的app.psgi
包含(简体):
Now my app.psgi
contains (simplified):
builder {
enable 'Session', store => 'File'; #default uses Plack::Session::State::Cookie
$app;
};
稍后,在我正在使用的$app
中:
Later, in the $app
I'm using:
my $req = Plack::Request->new($env);
my $session = $req->session(); #returns env->{'psgix.session'}
$session->{user} = "name";
它可以正常运行,确定,例如:
It works ok, e.g.:
- 用户登录后,我将其姓名存储在服务器端存储的会话文件中,并且 Plack :: Middleware :: Session 设置一个简单的会话状态cookie,
- ,当用户关闭浏览器时,该cookie会自动清除(因为 Plack :: Session :: State :: Cookie 默认未设置Cookie的任何有效期.)
- when the user logged in, I store his name in the server-side stored session-file, and the Plack::Middleware::Session sets an simple session-state-cookie,
- and when the user closing the browser, the cookie is automatically cleared (because the Plack::Session::State::Cookie by default didn't set any expiration for the cookie).
现在,我要在我的登录面板中实现记住我"功能.在这种情况下,不应从浏览器中自动删除sesion-state-cookie.这可以通过使用 Plack :: Session中的expires
方法来完成. :: State :: Cookie .
Now, I want implement the "Remember me" feature in my login-panel. In this case, the sesion-state-cookie should-not be removed automatically from the browser. This can be done, by using the expires
method from the Plack::Session::State::Cookie.
问题:
如何更改Cookie的过期时间(由 Session 中间件进行管理)来自我的$app
.换句话说,如何在这里稍微调用expire方法:
How I can change the cookie expiration (managed by the Session middleware) from my $app
. With other words, how to call the expire method somewhat here:
my $req = Plack::Request->new($env);
my $session = $req->session(); #returns env->{'psgix.session'}
$session->{user} = "name";
my $cookie_state = WHAT_TO_DO_HERE_TO_GET; #the current Plack::Session::State::Cookie object
$cookie_state->expire(86400*14); #expire in two weeks
如果有人需要,这是一个可行的示例.
If someone needs, here is an working example.
use strict;
use warnings;
use Plack::Request;
use Plack::Response;
use Plack::Builder;
use Data::Dumper;
my $app = sub {
my $env = shift;
my $req = Plack::Request->new($env);
my $session = $req->session;
my $res = Plack::Response->new(200);
$res->content_type('text/html');
my $link = $session->{user}
? q{ <a href="/logout">logout</a>}
: q{ <a href="/login">login</a>}
;
$res->body(["Session user:", $session->{user}, "<br>$link"]);
return $res->finalize;
};
my $login = sub {
my $env = shift;
my $req = Plack::Request->new($env);
my $session = $req->session;
$session->{user} = "some";
#how to set here the session-state-cookie expiration?
my $res = Plack::Response->new();
$res->redirect("/", 302);
return $res->finalize;
};
my $logout = sub {
my $env = shift;
my $req = Plack::Request->new($env);
my $session = $req->session;
delete $session->{user};
my $res = Plack::Response->new();
$res->redirect("/", 302);
return $res->finalize;
};
builder {
enable 'Session', store => 'File';
mount "/login" => $login;
mount "/logout" => $logout;
mount "/favicon.ico" => sub { return [ 404, ['Content-Type' => 'text/html'], [ '404 Not Found' ] ] };
mount "/" => $app;
};
推荐答案
您不能直接更改有效期,但是可以强制会话中间件创建具有新有效期的新会话,如下所示:
You can't change the expiration date directly, but you can force the session middleware to create a new session with a new expiration date like this:
$env->{'psgix.session.options'}{change_id} = 1;
$env->{'psgix.session.options'}{expires} = $my_expires;
如果用户登录,则无论如何都应将ID更改为防止会话固定攻击.有关受支持的到期日期格式,请参见 Cookie::Baker
.
If a user logs in, you should change the ID anyway to prevent session fixation attacks. See Cookie::Baker
for supported expiration date formats.
编辑:如果要全局设置默认的过期超时,则可以手动构建状态对象,并将expires
参数传递给构造函数:
If you want to set the default expiration timeout globally, you can build the state object manually and pass the expires
parameter to the constructor:
builder {
enable 'Session',
state => Plack::Session::State->new(
expires => $timeout_in_seconds,
);
$app;
};
这篇关于如何设置由Plack :: Middleware :: Session管理的cookie的到期时间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!