I released Plack::Middleware::SignedCookies some time ago because I went looking for it and came up empty. This is a middleware that signs outgoing cookies on the server with a HMAC digest and verifies the digest on incoming cookies. If a cookie doesn’t pass the signature test, it is dropped on the floor and your application never gets to see it.

There are several framework-specific plugins that do the same job, but I wanted to get rid of as much framework-specific code as possible.

One explicit design choice was to not handle expiration. Several of the plugins I saw do handle that themselves, and it certainly is useful for centralising all cookie policy in one place. However, expiration is almost certainly something you’ll want to handle at the application level, if only to vary the “not authorised” message you show the user. So there has to be a protocol to signal that a cookie was present but rejected because it was expired, and the application needs code implementing that protocol in order to react to expirations. This couples the application to the cookie policy code. Now that is fine when that is part of the framework, or a framework-specific component; it is not fine in a framework-agnostic Plack middleware. Leaving the expiration policy to the application means the application only needs to deal with the cookie interface provided by its framework: it is not coupled to the middleware.

Another choice I made in the spirit of “maybe YAGNI” – but which is likely a limitation – is that as of 1.103, SignedCookies doesn’t provide a way to pick which cookies to sign/verify. In a pinch, you can always use a middleware wrapped around it (such as an inline Rewrite rule, for convenience) to intercept and/or inject non-signed cookies outside of its purview. There is a likelihood that this will change in the future.

Anyway, have at it. Share and enjoy.

Leave a comment

About Aristotle

user-pic Waxing philosophical