Catalyst::Plugin::CookiedSession - Store sessions in a browser cookie


  # in your Catalyst application:
  use Catalyst qw(CookiedSession);
      cookiedsession => { key => 'secretkey', expires => '+1d' },
  # later on in your code
  $c->session->{product} = 'foo';
  my $product = $c->session->{product};


This module is a replacement module for Catalyst::Plugin::Session::* which stores the Catalyst session in a browser cookie. This has two advantages: it's easier to configure than Catalyst::Plugin::Session::* and sessions require no disk IO.

The session is encrypted using Rijndael using the key you provide in the configuration, which should be unique to your application.

More about Rijndael:

If you do not set an expires value in the configuration, then a session cookie is used. You should set a value to make the cookie persist through closing the browser: use '+1h' for one hour, '+2d' for two days, '+3M' for three months and '+4y' for four years.

The cookied is named after your application, with _cookiedsession appended to the end. Pass in a name value in the configuration to override this.

Note that the cookie is limited in size to 4096 bytes. Keep your sessions very small. Alternatively please provide a patch which works along the lines of CGI::Cookie::Splitter.


Leon Brocard <>.


Copyright (C) 2008, Leon Brocard


This module is free software; you can redistribute it or modify it under the same terms as Perl itself.