How is a Mojolicious session token created?

A Mojolicious session has a base64 string (at the beginning, the first part) and a signature (at the end, the second part), which are separated by "---". The signature is the main part of the session, which prevents it from being changed.

So, make a test:

Add some value to the session. Make a request which gets this value from the session. Take the session cookie and transform the first part of it (base64-decode it, change the value, then base64-encode it and put it before the "--" in the cookie).

Make a query to the server with the new cookie/session. Your new data must be invalid in the session.

So, the signature is an IMPORTANT part of the session.

Read the source code to learn more about it.

Read this to know how to set the secret key for signing cookies.
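The test described in this answer, as an added example that is not part of the original answer and is not Mojolicious's own code: a simplified Python model of a `value--signature` cookie, showing why an edited payload is rejected. The HMAC-SHA256 signature, the JSON payload, the secret and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a constructed secret standing in for the application's own.
SECRET = b"constructed-demo-secret"


def sign(value: str, secret: bytes = SECRET) -> str:
    """Hex HMAC over the encoded payload (algorithm is an assumption)."""
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()


def make_cookie(session: dict, secret: bytes = SECRET) -> str:
    """Serialize the session, base64-encode it, append '--' and the signature."""
    value = base64.b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    return f"{value}--{sign(value, secret)}"


def read_cookie(cookie: str, secret: bytes = SECRET):
    """Return the session dict, or None when the signature does not verify."""
    value, sep, signature = cookie.rpartition("--")
    if not sep:
        return None  # no signature part at all
    expected = sign(value, secret)
    # Constant-time comparison, done before the payload is ever decoded.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    return json.loads(base64.b64decode(value))


def tamper(cookie: str, **changes) -> str:
    """The edit from the test above: change the payload, keep the old signature."""
    value, _, signature = cookie.rpartition("--")
    session = json.loads(base64.b64decode(value))
    session.update(changes)
    forged = base64.b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    return f"{forged}--{signature}"


if __name__ == "__main__":
    cookie = make_cookie({"user": "alice", "admin": False})  # constructed sample
    print("original:", read_cookie(cookie))
    print("tampered:", read_cookie(tamper(cookie, admin=True)))
```

Without the secret, the signature cannot be recomputed for the changed payload, so the server-side check fails and the session is discarded.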

