in reply to Re: Cookie not signed after upgrading mojolicious
in thread Cookie not signed after upgrading mojolicious

Didn't see this information, I didn't see that information. Is there a way to have plack switch to signing with HMAC-SHA256.
  • Comment on Re^2: Cookie not signed after upgrading mojolicious

Replies are listed 'Best First'.
Re^3: Cookie not signed after upgrading mojolicious
by Corion (Patriarch) on Jul 21, 2021 at 14:11 UTC

    Plack itself doesn't handle sessions, and I don't find Plack::Session::Store::File::Mojolicious on CPAN (neither does Google find it elsewhere), so I don't know what you would need to do to make it sign the cookies using HMAC-SHA256. Maybe that file is just the Mojolicious code for cookie signing copied into the Plack API and you can also just copy the (new) Mojolicious code into that.

[reply]
      The new mojolicous code is the same, i did pass in httponly=>1,secret=>'whatever the secret is' and that started at least I think gave me an incorrect signatue error. I say think because i made a lot of changes. But the error it gave was cookie has bad signature
[reply]
[d/l]

In Section Seekers of Perl Wisdom