1. Manuals
  2. Tumbleweed
  3. perl-Mojolicious
  4. Mojolicious::Sessions(3pm)

Scroll to navigation

Mojolicious::Sessions(3) User Contributed Perl Documentation Mojolicious::Sessions(3)

NAME

Mojolicious::Sessions - Session manager based on signed cookies

SYNOPSIS

  use Mojolicious::Sessions;
  my $sessions = Mojolicious::Sessions->new;
  $sessions->cookie_name('myapp');
  $sessions->default_expiration(86400);

DESCRIPTION

Mojolicious::Sessions manages sessions based on signed cookies for Mojolicious. All data gets serialized with Mojo::JSON and stored Base64 encoded on the client-side, but is protected from unwanted changes with a HMAC-SHA256 signature.

ATTRIBUTES

Mojolicious::Sessions implements the following attributes.

  my $domain = $sessions->cookie_domain;
  $sessions  = $sessions->cookie_domain('.example.com');

Domain for session cookies, not defined by default.

  my $name  = $sessions->cookie_name;
  $sessions = $sessions->cookie_name('session');

Name for session cookies, defaults to "mojolicious".

  my $path  = $sessions->cookie_path;
  $sessions = $sessions->cookie_path('/foo');

Path for session cookies, defaults to "/".

default_expiration

  my $time  = $sessions->default_expiration;
  $sessions = $sessions->default_expiration(3600);

Default time for sessions to expire in seconds from now, defaults to 3600. The expiration timeout gets refreshed for every request. Setting the value to 0 will allow sessions to persist until the browser window is closed, this can have security implications though. For more control you can also use the "expiration" and "expires" session values.

  # Expiration date in seconds from now (persists between requests)
  $c->session(expiration => 604800);
  # Expiration date as absolute epoch time (only valid for one request)
  $c->session(expires => time + 604800);
  # Delete whole session by setting an expiration date in the past
  $c->session(expires => 1);

deserialize

  my $cb    = $sessions->deserialize;
  $sessions = $sessions->deserialize(sub ($bytes) {...});

A callback used to deserialize sessions, defaults to "j" in Mojo::JSON.

  $sessions->deserialize(sub ($bytes) { return {} });

encrypted

  my $bool  = $sessions->encrypted;
  $sessions = $sessions->encrypted($bool);

Use encrypted session cookies instead of merely cryptographically signed ones.

samesite

  my $samesite = $sessions->samesite;
  $sessions    = $sessions->samesite('Strict');

Set the SameSite value on all session cookies, defaults to "Lax".

  # Disable SameSite feature
  $sessions->samesite(undef);

secure

  my $bool  = $sessions->secure;
  $sessions = $sessions->secure($bool);

Set the secure flag on all session cookies, so that browsers send them only over HTTPS connections.

serialize

  my $cb    = $sessions->serialize;
  $sessions = $sessions->serialize(sub ($hash) {...});

A callback used to serialize sessions, defaults to "encode_json" in Mojo::JSON.

  $sessions->serialize(sub ($hash) { return '' });

METHODS

Mojolicious::Sessions inherits all methods from Mojo::Base and implements the following new ones.

load

  $sessions->load(Mojolicious::Controller->new);

Load session data from signed cookie.

store

  $sessions->store(Mojolicious::Controller->new);

Store session data in signed cookie.

SEE ALSO

Mojolicious, Mojolicious::Guides, <https://mojolicious.org>.

2025-10-09 perl v5.42.0