App::Session::Cookie - a session whose state is maintained across HTML requests by being embedded in an HTTP cookie.
# ... official way to get a Session object ...
$session = App->session();
$session = $session->session(); # get the session
# any of the following named parameters may be specified
$session = $session->session(
# ... alternative way (used internally) ...
$session = App::Session->new();
A Session class models the sequence of events associated with a use of the system. These events may occur in different processes. Yet the accumulated state of the session needs to be propagated from one process to the next.
This Session::Cookie maintains its state across HTML requests by being embedded in an HTTP cookie. As a result, it requires no server-side storage, so the sessions never need to time out.
The Session::Cookie has an advantage over Session::HTMLHidden in that data does not need to be posted to a URL for the session data to be transmitted to it. This allows that the state can be propagated properly to sub-components of an HTML page such as
* frame documents within a frameset (< frame src=... >)
* dynamically generated images (< img src=... >, < input type=image src=... >)
Limits on cookie storage are as follows, according to "Dynamic HTML, The Definitive Reference" by O'Reilly in the DOM Reference under "document.cookie".
* max 2000 chars per cookie (recommended, although 4000 supposedly allowed)
* max 20 cookies per domain
This allows for roughly 40K of session storage. It is quite conceivable that this amount of storage could be overrun, so Session::Cookie is only appropriate in situations where you are confident it will not be. Also, session_objects should take care to clean up after themselves, and static values stored in the session can alternatively be provided in the config.