line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Mojolicious::Sessions::ThreeS; |
2
|
|
|
|
|
|
|
$Mojolicious::Sessions::ThreeS::VERSION = '0.003'; |
3
|
2
|
|
|
2
|
|
6
|
use strict; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
46
|
|
4
|
2
|
|
|
2
|
|
7
|
use warnings; |
|
2
|
|
|
|
|
2
|
|
|
2
|
|
|
|
|
41
|
|
5
|
|
|
|
|
|
|
|
6
|
2
|
|
|
2
|
|
23
|
use Carp; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
131
|
|
7
|
2
|
|
|
2
|
|
8
|
use Mojo::Base 'Mojolicious::Sessions'; |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
10
|
|
8
|
|
|
|
|
|
|
|
9
|
2
|
|
|
2
|
|
748
|
use Mojolicious::Sessions::ThreeS::State::Cookie; |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
19
|
|
10
|
2
|
|
|
2
|
|
967
|
use Mojolicious::Sessions::ThreeS::SidGen::Simple; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
17
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
=head1 NAME |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
Mojolicious::Sessions:ThreeS - A Mojolicious Sessions manager that supports controlling Storage, State and Sid generation. |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
=head1 SYNOPSIS |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
You can use this directly when you build your mojolicious App: |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
package My::App; |
21
|
|
|
|
|
|
|
use Mojo::Base 'Mojolicious'; |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
use Mojolicious::Sessions:ThreeS; |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
sub startup{ |
26
|
|
|
|
|
|
|
my ($app) = @_; |
27
|
|
|
|
|
|
|
... |
28
|
|
|
|
|
|
|
$app->sessions( Mojolicious::Sessions:ThreeS->new({ storage => ... , state => ... , sidgen => ... } ) ); |
29
|
|
|
|
|
|
|
... |
30
|
|
|
|
|
|
|
} |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
Or as a plugin, with exactly the same arguments. See L. |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
=cut |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
has 'storage'; |
37
|
|
|
|
|
|
|
has 'state' => sub{ |
38
|
|
|
|
|
|
|
return Mojolicious::Sessions::ThreeS::State::Cookie->new(); |
39
|
|
|
|
|
|
|
}; |
40
|
|
|
|
|
|
|
has 'sidgen' => sub{ |
41
|
|
|
|
|
|
|
return Mojolicious::Sessions::ThreeS::SidGen::Simple->new(); |
42
|
|
|
|
|
|
|
}; |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
=head2 new |
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
Builds an instance of this given the following properties (all optional): |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
=over |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
=item storage |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
An instance of a subclass of L. Defaults to C |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
When not given, this will consider itself inactive and fallback to the default L behaviour. |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
=item state |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
An instance of a subclass of L. Defaults to |
59
|
|
|
|
|
|
|
an instance of L. |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
=item sidgen |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
An Session ID generator, instance of L. Defaults |
64
|
|
|
|
|
|
|
to an instance of L. |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
=back |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
=cut |
69
|
|
|
|
|
|
|
|
70
|
|
|
|
|
|
|
sub new{ |
71
|
3
|
|
|
3
|
1
|
6
|
my ( $class ) = ( shift ); |
72
|
|
|
|
|
|
|
|
73
|
3
|
|
|
|
|
10
|
my $self = $class->SUPER::new( @_ ); |
74
|
|
|
|
|
|
|
|
75
|
3
|
|
|
|
|
24
|
return $self; |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
=head2 was_set |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
This was set with explicit store, storage and sid generator. |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
Usage: |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
if ( $this->was_set() ){ |
85
|
|
|
|
|
|
|
... |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
=cut |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
sub was_set{ |
91
|
76
|
|
|
76
|
1
|
71
|
my ($self) = @_; |
92
|
76
|
|
66
|
|
|
125
|
return $self->storage() && $self->state(); |
93
|
|
|
|
|
|
|
} |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
=head2 cookie_domain |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
From L. Delegate to the underlying Cookie |
98
|
|
|
|
|
|
|
based state. Use this only if you know the state object supports cookies. |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
=cut |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
sub cookie_domain{ |
103
|
2
|
|
|
2
|
1
|
176
|
my ($self, @rest ) = @_; |
104
|
2
|
50
|
|
|
|
3
|
unless( $self->was_set() ){ return $self->SUPER::cookie_domain( @rest ); } |
|
2
|
|
|
|
|
16
|
|
105
|
0
|
|
|
|
|
0
|
return $self->state->cookie_domain( @rest ); |
106
|
|
|
|
|
|
|
} |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
=head2 cookie_name |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
From L. Delegate to the underlying Cookie |
112
|
|
|
|
|
|
|
based state. Use this only if you know the state object supports cookies. |
113
|
|
|
|
|
|
|
|
114
|
|
|
|
|
|
|
=cut |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
sub cookie_name{ |
117
|
8
|
|
|
8
|
1
|
89
|
my ($self, @rest ) = @_; |
118
|
8
|
100
|
|
|
|
13
|
unless( $self->was_set() ){ return $self->SUPER::cookie_name( @rest ); } |
|
6
|
|
|
|
|
33
|
|
119
|
2
|
|
|
|
|
39
|
return $self->state->cookie_name( @rest ); |
120
|
|
|
|
|
|
|
} |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
=head2 cookie_path |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
From L. Delegate to the underlying Cookie |
125
|
|
|
|
|
|
|
based state. Use this only if you know the state object supports cookies. |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
=cut |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
sub cookie_path{ |
130
|
4
|
|
|
4
|
1
|
35
|
my ($self, @rest ) = @_; |
131
|
4
|
100
|
|
|
|
8
|
unless( $self->was_set() ){ return $self->SUPER::cookie_path( @rest ); } |
|
2
|
|
|
|
|
12
|
|
132
|
2
|
|
|
|
|
17
|
return $self->state->cookie_path( @rest ); |
133
|
|
|
|
|
|
|
} |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
=head2 secure |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
From L. Delegate to the underlying Cookie |
138
|
|
|
|
|
|
|
based state. Use this only if you know the state object supports cookies. |
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
=cut |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
sub secure{ |
143
|
2
|
|
|
2
|
1
|
9
|
my ($self, @rest ) = @_; |
144
|
2
|
50
|
|
|
|
3
|
unless( $self->was_set() ){ return $self->SUPER::secure( @rest ); } |
|
2
|
|
|
|
|
11
|
|
145
|
0
|
|
|
|
|
0
|
return $self->state->secure( @rest ); |
146
|
|
|
|
|
|
|
} |
147
|
|
|
|
|
|
|
|
148
|
|
|
|
|
|
|
=head2 load |
149
|
|
|
|
|
|
|
|
150
|
|
|
|
|
|
|
Implements load from L |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
=cut |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
sub load{ |
155
|
35
|
|
|
35
|
1
|
139317
|
my ($self, $controller) = @_; |
156
|
|
|
|
|
|
|
|
157
|
35
|
100
|
|
|
|
78
|
unless( $self->was_set() ){ return $self->SUPER::load( $controller ); } |
|
3
|
|
|
|
|
32
|
|
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
# Stuff was set, we need to use it. |
160
|
32
|
|
|
|
|
307
|
my $session_id = $self->state()->get_session_id( $controller ); |
161
|
32
|
100
|
|
|
|
2438
|
unless( $session_id ){ |
162
|
22
|
|
|
|
|
32
|
return; |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
|
165
|
10
|
|
|
|
|
25
|
my $session = $self->storage->get_session( $session_id ); |
166
|
10
|
50
|
|
|
|
88
|
unless( $session ){ |
167
|
0
|
|
|
|
|
0
|
return; |
168
|
|
|
|
|
|
|
} |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
# We just want to set the session in the stash, as required |
171
|
|
|
|
|
|
|
# by Mojolicious::Controller::session |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
# Expiration management. |
174
|
|
|
|
|
|
|
# This is the 'Policy' setting. |
175
|
10
|
50
|
|
|
|
38
|
my $expiration = defined( $session->{expiration} ) ? $session->{expiration} : $self->default_expiration(); |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
# This is the actual date at which the session should expire. |
178
|
10
|
|
|
|
|
39
|
my $expires = delete $session->{expires}; |
179
|
|
|
|
|
|
|
|
180
|
10
|
50
|
33
|
|
|
40
|
if( $expiration && |
181
|
|
|
|
|
|
|
! $expires ){ |
182
|
|
|
|
|
|
|
# No expiry time, but there should be one. Delete the session_id and return |
183
|
0
|
|
|
|
|
0
|
$self->storage()->remove_session_id( $session_id ); |
184
|
0
|
|
|
|
|
0
|
return; |
185
|
|
|
|
|
|
|
} |
186
|
10
|
50
|
33
|
|
|
33
|
if( defined $expires && $expires <= time() ){ |
187
|
|
|
|
|
|
|
# Session as expired. |
188
|
0
|
|
|
|
|
0
|
$self->storage()->remove_session_id( $session_id ); |
189
|
0
|
|
|
|
|
0
|
return; |
190
|
|
|
|
|
|
|
} |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
# If the session is empty, we dont want it to be marked active. |
193
|
10
|
50
|
|
|
|
66
|
return unless $controller->stash()->{'mojo.active_session'} = scalar( keys %$session ); |
194
|
|
|
|
|
|
|
# Note that mojo.active_session acts both way. As a number, it indicates that |
195
|
|
|
|
|
|
|
# the stored session was not empty at some point. As a key that just 'exists', |
196
|
|
|
|
|
|
|
# it prevents subsequent loading of the session in the second call |
197
|
|
|
|
|
|
|
# to $c->session(); |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
# This is the sessing of the session hash in the stash |
200
|
10
|
|
|
|
|
71
|
$controller->stash()->{'mojo.session'} = $session; |
201
|
|
|
|
|
|
|
# And we transfer the flash if anything has flashed something in some previous requests |
202
|
|
|
|
|
|
|
# under the key 'new_flash'. See Mojolicious::Controller::flash |
203
|
10
|
100
|
|
|
|
56
|
$session->{flash} = delete $session->{new_flash} if $session->{new_flash}; |
204
|
10
|
|
|
|
|
14
|
return; |
205
|
|
|
|
|
|
|
} |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
=head2 store |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
Implements store from L |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
=cut |
212
|
|
|
|
|
|
|
|
213
|
|
|
|
|
|
|
sub store{ |
214
|
25
|
|
|
25
|
1
|
6346
|
my ($self, $controller) = @_; |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
|
217
|
25
|
100
|
|
|
|
43
|
unless( $self->was_set() ){ return $self->SUPER::store( $controller ); } |
|
3
|
|
|
|
|
21
|
|
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
# Stuff was set, we need to use it. |
220
|
|
|
|
|
|
|
# Grab the session from the stash and see if we should really save it. |
221
|
22
|
|
|
|
|
203
|
my $stash = $controller->stash(); |
222
|
22
|
|
|
|
|
106
|
my $session = $stash->{'mojo.session'}; |
223
|
|
|
|
|
|
|
|
224
|
|
|
|
|
|
|
# No session, no storing needed. |
225
|
22
|
50
|
|
|
|
35
|
unless( $session ){ return ; } |
|
0
|
|
|
|
|
0
|
|
226
|
|
|
|
|
|
|
|
227
|
22
|
50
|
66
|
|
|
62
|
unless( keys %$session || $stash->{'mojo.active_session'} ){ |
228
|
|
|
|
|
|
|
# The session has never contained anything for the whole duration of this |
229
|
|
|
|
|
|
|
# request. No need to store |
230
|
8
|
|
|
|
|
16
|
return; |
231
|
|
|
|
|
|
|
} |
232
|
|
|
|
|
|
|
|
233
|
14
|
|
|
|
|
14
|
my $old_flash = delete $session->{flash}; |
234
|
|
|
|
|
|
|
|
235
|
14
|
50
|
|
|
|
28
|
if( $stash->{'mojo.static'} ){ |
236
|
|
|
|
|
|
|
# Mojo is serving a static resource (like a file). |
237
|
|
|
|
|
|
|
# This is marked with mojo.static being set on the stash. |
238
|
|
|
|
|
|
|
# Behave as if a new_flash was set against the session |
239
|
0
|
|
|
|
|
0
|
$session->{new_flash} = \%{ $old_flash }; |
|
0
|
|
|
|
|
0
|
|
240
|
|
|
|
|
|
|
} |
241
|
|
|
|
|
|
|
|
242
|
|
|
|
|
|
|
# Clear the new_flash if it contains nothing |
243
|
14
|
100
|
|
|
|
12
|
unless( keys %{ $session->{new_flash} || {} } ){ |
|
14
|
100
|
|
|
|
59
|
|
244
|
10
|
|
|
|
|
7
|
delete $session->{new_flash}; |
245
|
|
|
|
|
|
|
} |
246
|
|
|
|
|
|
|
|
247
|
14
|
|
66
|
|
|
47
|
my $session_id = $session->{'mojox.sessions3s.id'} ||= $self->sidgen()->generate_sid( $controller ); |
248
|
|
|
|
|
|
|
|
249
|
14
|
50
|
|
|
|
85
|
if( defined( $session->{'mojox.sessions3s.old_id'} ) ){ |
250
|
|
|
|
|
|
|
# Session id has changed. Clear the old one. |
251
|
0
|
|
|
|
|
0
|
$self->storage->remove_session_id( $session->{'mojox.session3s.old_id'} ); |
252
|
|
|
|
|
|
|
} |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
|
255
|
14
|
50
|
|
|
|
47
|
my $expiration = defined( $session->{expiration} ) ? $session->{expiration} : $self->default_expiration(); |
256
|
14
|
|
|
|
|
47
|
my $set_expires = delete $session->{expires}; |
257
|
|
|
|
|
|
|
|
258
|
14
|
50
|
33
|
|
|
35
|
if( $expiration || $set_expires ){ |
259
|
|
|
|
|
|
|
# There is an expiration policy or expires was set explicitely. |
260
|
14
|
|
66
|
|
|
37
|
$session->{expires} = $set_expires || time + $expiration ; |
261
|
|
|
|
|
|
|
} |
262
|
|
|
|
|
|
|
|
263
|
|
|
|
|
|
|
# Do the standard thing. Store the session. |
264
|
14
|
|
|
|
|
68
|
$self->storage->store_session( $session_id , $session ); |
265
|
|
|
|
|
|
|
# And then inject the session id as a client state. |
266
|
14
|
|
|
|
|
1370
|
$self->state->set_session_id( $controller , $session_id , { expires => $session->{expires} } ); |
267
|
|
|
|
|
|
|
} |
268
|
|
|
|
|
|
|
|
269
|
|
|
|
|
|
|
1; |
270
|
|
|
|
|
|
|
|