NAME

App::Session::HTMLHidden - a session whose state is maintained across HTML requests by being embedded in an HTML <input type="hidden"> tag.

SYNOPSIS

# ... official way to get a Session object ...
use App;
$session = App->session();
$session = $session->session();   # get the session

# any of the following named parameters may be specified
$session = $session->session(
);

# ... alternative way (used internally) ...
use App::Session::HTMLHidden;
$session = App::Session->new();

DESCRIPTION

A Session class models the sequence of events associated with a use of the system. These events may occur in different processes. Yet the accumulated state of the session needs to be propagated from one process to the next.

This Session::HTMLHidden maintains its state across HTML requests by being embedded in an HTML <input type="hidden"> tag. As a result, it requires no server-side storage, so the sessions never need to time out.

Constructor Methods:

new()

The constructor is inherited from App::Service.

Public Methods:

get_session_id()

The get_session_id() returns the session_id of this particular session. This session_id is unique for all time. If a session_id does not yet exist, one will be created. The session_id is only created when first requested, and not when the session is instantiated.

* Signature: $session_id = $session->get_session_id();
* Param:  void
* Return: $session_id      string
* Throws: <none>
* Since:  0.01

Sample Usage: 

$session->get_session_id();

html()

The html() method ...

* Signature: $html = $session->html();
* Param:  void
* Return: $html      string
* Throws: <none>
* Since:  0.01

Sample Usage: 

$session->html();

Protected Methods:

The following methods are intended to be called by subclasses of the current class.

_init()

The _init() method is called from within the constructor.

* Signature: _init($named)
* Param:     $named        {}    [in]
* Return:    void
* Throws:    App::Exception
* Since:     0.01

Sample Usage: 

$ref->_init($args);

The _init() method looks at the CGI variables in the request and restores the session state information from the variable named "app.sessiondata" (and "app.sessiondata[2..n]").

When the values of these variables are concatenated, they form a Base64-encoded, gzipped, frozen multi-level hash of session state data. To retrieve the state data, the text is therefore decoded, gunzipped, and thawed (a la Storable).

TODO: encrypt and MAC