NAME

Apache::AppSamurai::Session::Generate::HMAC_SHA - HMAC/SHA256 session generator for Apache::AppSamurai::Session

SYNOPSIS

    use Apache::AppSamurai::Session::Generate::HMAC_SHA;

    # A server key and session authentication key are required and must be
    # sent in a hash reference as shown below.  Static server key and
    # session authentication keys are shown for the sake of the example.
    $session->{args}->{ServerKey} = "628b49d96dcde97a430dd4f597705899e09a968f793491e4b704cae33a40dc02";
    $session->{args}->{key} = "c44474038d459e40e4714afefa7bf8dae9f9834b22f5e8ec1dd434ecb62b512e";
    $id = Apache::AppSamurai::Session::Generate::HMAC_SHA::generate($session);

    # Note - this is not how you will see this module generally called.
    # Instead, you will see it called by reference from Apache::Session or
    # Apache::AppSamurai::Session.

    # Validate the session ID format
    (Apache::AppSamurai::Session::Generate::HMAC_SHA::validate($id)) or die "Bad!";

DESCRIPTION

This module fulfills the ID generation interface of Apache::Session and Apache::AppSamurai::Session.

Unlike the standard Apache::Session generators such as MD5, this one requires two input values: a server key and a session authentication key. Both must be 256-bit values encoded as hex strings. The values are passed in a hash reference (see the example in the SYNOPSIS). They are then fed into an HMAC using SHA256 as the digest. The generate function returns the ID and also sets the {data}->{session_id} value on the passed-in session hash.

This module can also examine session IDs to ensure that they are, indeed, session ID numbers and not evil attacks. The reader is encouraged to consider the effect of bogus session ID numbers in a system which uses these ID numbers to access disks and databases.

This module takes no direct arguments when called as an object, but expects $self to include a hash reference named "args" from which to extract the server key and session authentication key.
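The following is an added example, not this module's own code: a stand-alone sketch of the two steps described above, deriving an ID with HMAC/SHA256 and strictly checking an ID's format before it is used as a storage key. The helper names make_id and id_ok, the choice of the server key as the HMAC key with the session authentication key as the message, the lowercase 64-character ID format, and all sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# A 256-bit value as a hex string is exactly 64 hex characters.
# \A and \z anchor the whole string; "$" would also match before a
# trailing newline and let "id\n" through.
my $HEX256 = qr/\A[0-9a-fA-F]{64}\z/;

# Hypothetical helper: derive an ID from the two keys.
# Assumption: the server key is the HMAC key and the session
# authentication key is the message.
sub make_id {
    my ($server_key, $auth_key) = @_;
    for my $k ($server_key, $auth_key) {
        die "key must be 64 hex characters\n"
            unless defined($k) && $k =~ $HEX256;
    }
    # Decode both hex strings to raw bytes before the HMAC.
    return hmac_sha256_hex(pack('H*', $auth_key), pack('H*', $server_key));
}

# Hypothetical helper: accept only the exact shape make_id() emits
# (64 lowercase hex characters), so nothing else reaches a file name
# or a database lookup.
sub id_ok {
    my ($id) = @_;
    return (defined($id) && $id =~ /\A[0-9a-f]{64}\z/) ? 1 : 0;
}

# Constructed sample keys (not real secrets).
my $server_key = '0123456789abcdef' x 4;
my $auth_key   = 'fedcba9876543210' x 4;

my $id = make_id($server_key, $auth_key);
print "generated: $id\n";

# Constructed inputs, each paired with a printable label.
my @cases = (
    [ 'generated id',        $id ],
    [ 'id plus newline',     "$id\n" ],
    [ 'uppercased id',       uc $id ],
    [ 'one character short', substr($id, 0, 63) ],
    [ 'path-like string',    '../../etc/passwd' ],
    [ 'undefined value',     undef ],
);
printf "%-20s %s\n", $_->[0], id_ok($_->[1]) ? 'accepted' : 'rejected'
    for @cases;
```

Only the first case is accepted; the newline case is the one a check anchored with "$" instead of \z would let through.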

SEE ALSO

Apache::AppSamurai::Session, Digest::SHA, Apache::Session

AUTHOR

Paul M. Hirsch, <paul at voltagenoir.org>

BUGS

See Apache::AppSamurai for information on bug submission and tracking.

SUPPORT

See Apache::AppSamurai for support information.

COPYRIGHT & LICENSE

Copyright 2008 Paul M. Hirsch, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.