File Coverage

blib/lib/CGI/Session/ID/sha.pm

Criterion	Covered	Total	%
statement	12	15	80.0
branch			n/a
condition			n/a
subroutine	4	5	80.0
pod	0	1	0.0
total	16	21	76.1

line	stmt	sub	pod	time	code
1					# CGI::Session::ID::sha copyright 2008 Michael De Soto. This program is
2					# distributed under the terms of the GNU General Public License, version 3.
3					#
4					# $Id: sha.pm 7 2008-11-04 04:27:03Z desoto@cpan.org $
5
6					package CGI::Session::ID::sha;
7
8	1	1		76824	use strict;
	1			2
	1			39
9	1	1		7	use warnings;
	1			2
	1			33
10
11	1	1		5698	use Digest::SHA;
	1			5132
	1			69
12	1	1		1078	use CGI::Session::ErrorHandler;
	1			293
	1			179
13
14					$CGI::Session::ID::sha::VERSION = '1.01';
15					@CGI::Session::ID::sha::ISA = qw/CGI::Session::ErrorHandler/;
16
17					*generate = \&generate_id;
18					sub generate_id {
19	0	0	0		my $sha = Digest::SHA->new(1);
20	0				$sha->add($$ , time() , rand(time));
21	0				return $sha->hexdigest();
22					}
23
24					1;
25
26					=pod
27
28					=head1 NAME
29
30					CGI::Session::ID::sha - CGI::Session ID driver for generating SHA-1 based IDs
31
32					=head1 SYNOPSIS
33
34					use CGI::Session;
35					$session = new CGI::Session('id:sha', undef);
36
37					=head1 DESCRIPTION
38
39					Use this module to generate SHA-1 encoded hexadecimal IDs for L
40					objects. This library does not require any arguments. To use it, add
41					C to the DSN string when creating L objects.
42
43					=head2 Keep in mind
44
45					Keep in mind that a SHA-1 encoded hexadecimal string will have 40 characters.
46					Don't forget to take this into account when using a database to store your
47					session. For example, when using the default table layout with MySQL you'd want
48					to create a table like:
49
50					CREATE TABLE sessions (
51					id CHAR(40) NOT NULL PRIMARY KEY,
52					a_session NOT NULL,
53					);
54
55					=head1 CAVEATS
56
57					There are no caveats with this module, but rather with the way L
58					loads this module:
59
60					=head2 DSN string converted to lower case
61
62					I suppose I'm nitpicking -- this isn't a big deal -- but I am the captious
63					sort. I did spend the better part of of an afternoon trying to figure out
64					what was going on.
65
66					When calling the L constructor C, one has the option of
67					passing a DSN string that should look something like this:
68
69					'driver:file;serializer:default;id:md5'
70
71					Notice how the string is all lowercase. However the following is equally valid:
72
73					'DRIVER:FILE;SERIALIZER:DEFAULT;ID:MD5'
74
75					Most of us are more inclined to use the former rather than the later. The point
76					is it doesn't matter. The string is converted to lowercase before
77					L attempts to load each part:
78
79					# driver:file loads
80					CGI::Session::Driver::file
81
82					# serializer:default loads
83					CGI::Session::Serialize::default
84
85					# id:md5 loads
86					CGI::Session::ID::md5
87
88					The problem comes when you want to load a module that uses upper and lowercase
89					letters in its name. Now this isn't a big problem because there aren't a lot of
90					modules written to plug into this part of L. However, when
91					researching I found three on CPAN that do:
92
93					=over 4
94
95					=item *
96
97					L
98
99					=item *
100
101					L
102
103					=item *
104
105					L
106
107					=back
108
109					Since I find consistent style aesthetically pleasing I prefer mixed case module
110					names. Especially since the underlying module (L) is mixed case.
111					So keeping this in mind, I originally named my module CGI::Session::ID::SHA.
112					SHA is an acronym for Secure Hash Algorithm and the underlying module is
113					L, and so it just makes sense to name it that way.
114
115					No dice.
116
117					It took me a while to realize that mixed case just wont work. Despite those
118					other modules on CPAN using mixed case, L just isn't able to load
119					them. I don't know if it's always been this way, or if this is a recent
120					development. I didn't really do any research on it.
121
122					On one hand, I can't imagine Daniel Peder (who wrote the three above) would
123					release to CPAN modules that can't be used by the code they're meant to plug
124					into. On the other hand, I can't imagine Mark Stosberg (who wrote
125					L) would change how modules are loaded into L.
126
127					None of this is is included in the L documentation. I don't know
128					that it should be. This behavior isn't wrong, it's just curious. Now, I should
129					have prefaced this by saying that I didn't really research too deeply beyond
130					the documentation on CPAN. For all I know there exists reams of documentation
131					or discussions on this very matter.
132
133					=head1 SEE ALSO
134
135					L, L, and our Web site:
136					L.
137
138
139					=head1 AUTHOR
140
141					Michael De Soto, Edesoto@cpan.orgE
142
143					=head1 COPYRIGHT AND LICENSE
144
145					Copyright (C) 2008 Michael De Soto. All rights reserved.
146
147					This program is free software: you can redistribute it and/or modify it under
148					the terms of the GNU General Public License as published by the Free Software
149					Foundation, either version 3 of the License, or (at your option) any later
150					version.
151
152					This program is distributed in the hope that it will be useful, but WITHOUT ANY
153					WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
154					PARTICULAR PURPOSE. See the GNU General Public License for more details.
155
156					You should have received a copy of the GNU General Public License along with
157					this program. If not, see L.
158
159					=cut
160