Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
better descriptions for sessions
  • Loading branch information
kraih committed Jan 30, 2015
1 parent d6880c1 commit 6c240b8
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 9 deletions.
2 changes: 1 addition & 1 deletion Changes
@@ -1,5 +1,5 @@

5.76 2015-01-29
5.76 2015-01-30
- Increased default max_message_size from 10MB to 16MB in Mojo::Message.
- Reduced default max_line_size from 10KB to 8KB in Mojo::Headers and
Mojo::Message.
Expand Down
9 changes: 5 additions & 4 deletions lib/Mojolicious/Controller.pm
Expand Up @@ -850,8 +850,8 @@ which usually defaults to C<15> seconds.
Persistent data storage for the next few requests, all session data gets
serialized with L<Mojo::JSON> and stored Base64 encoded in HMAC-SHA1 signed
cookies. Note that cookies usually have a C<4096> byte (4KB) limit, depending
on browser.
cookies, to prevent tampering. Note that cookies usually have a C<4096> byte
(4KB) limit, depending on browser.
# Manipulate session
$c->session->{foo} = 'bar';
Expand All @@ -876,8 +876,9 @@ on browser.
Access signed request cookie values and create new signed response cookies. If
there are multiple values sharing the same name, and you want to access more
than just the last one, you can use L</"every_signed_cookie">. Cookies failing
HMAC-SHA1 signature verification will be automatically discarded.
than just the last one, you can use L</"every_signed_cookie">. Cookies are
cryptographically signed with HMAC-SHA1, to prevent tampering, and the ones
failing signature verification will be automatically discarded.
=head2 stash
Expand Down
9 changes: 5 additions & 4 deletions lib/Mojolicious/Guides/Tutorial.pod
Expand Up @@ -711,10 +711,11 @@ constructs.

=head2 Sessions

Signed cookie based sessions just work out of the box as soon as you start
using them through the helper
L<Mojolicious::Plugin::DefaultHelpers/"session">, just be aware that all
session data gets serialized with L<Mojo::JSON>.
Cookie based sessions just work out of the box, as soon as you start using them
through the helper L<Mojolicious::Plugin::DefaultHelpers/"session">. Just be
aware that all session data gets serialized with L<Mojo::JSON>, before being
Base64 encoded and cryptographically signed with HMAC-SHA1, to prevent
tampering.

use Mojolicious::Lite;

Expand Down

0 comments on commit 6c240b8

Please sign in to comment.