ATTRIBUTES

  secret_key

    This is used to secure the cookies. Encryption keys and message
    authentication keys are derived from this using one-way functions.
    Changing it will invalidate all sessions.

  default_duration

    Number of seconds for which the session may be considered valid. If
    cookie_duration is not set, this is used instead to expire the session
    after a period of time, regardless of the length of the browser session.
    It is unset by default, meaning that session expiration is not capped.

SYNOPSIS

  # In Dancer 2 config.yml file

  session: Cookie
  engines:
    session:
      Cookie:
        secret_key: your secret passphrase
        default_duration: 604800

DESCRIPTION

This module implements a session factory for Dancer 2 that stores session state within a browser cookie. Features include:

  * Data serialization and compression using Sereal
  * Data encryption using AES with a unique derived key per cookie
  * Enforced expiration timestamp (independent of cookie expiration)
  * Cookie integrity protected with a message authentication code (MAC)

See Session::Storage::Secure for implementation details and important security caveats.

SEE ALSO

CPAN modules providing cookie session storage (possibly for other frameworks):

  * Dancer::Session::Cookie -- Dancer 1 equivalent to this module
  * Catalyst::Plugin::CookiedSession -- encryption only
  * HTTP::CryptoCookie -- encryption only
  * Mojolicious::Sessions -- MAC only
  * Plack::Middleware::Session::Cookie -- MAC only
  * Plack::Middleware::Session::SerializedCookie -- really just a framework and you provide the guts with callbacks
  * Dancer2::Core::Role::SessionFactory -- documentation of the base package, some more attributes to configure the cookie
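The guarantees listed under DESCRIPTION can be checked directly against Session::Storage::Secure, the module this page points to for implementation details. The script below is an added example, not code from this module's documentation; it assumes that module's encode/decode methods, and the session data, the second passphrase and the accepted() helper are constructed for illustration.

```perl
use strict;
use warnings;
use Session::Storage::Secure;

# Constructed sample values; the secret is the SYNOPSIS placeholder.
my %config = ( secret_key => 'your secret passphrase', default_duration => 604800 );
my $store  = Session::Storage::Secure->new(%config);
my $data   = { user => 'alice', role => 'editor' };

# Hypothetical helper: 1 if the store accepts the cookie value, 0 otherwise.
# A rejected cookie decodes to nothing; eval also absorbs a croak, if any.
sub accepted {
    my ( $s, $cookie ) = @_;
    my $out = eval { $s->decode($cookie) };
    return defined $out ? 1 : 0;
}

# 1. Round trip: with no explicit expiry, default_duration sets the timestamp.
my $cookie = $store->encode($data);
printf "fresh cookie accepted:          %d\n", accepted( $store, $cookie );

# 2. Integrity: change a single character and the cookie fails verification.
my $tampered = $cookie;
substr( $tampered, 0, 1 ) = substr( $cookie, 0, 1 ) eq '1' ? '2' : '1';
printf "tampered cookie accepted:       %d\n", accepted( $store, $tampered );

# 3. Enforced expiration: the timestamp travels inside the protected value,
#    so a stale cookie is refused whatever lifetime the browser was given.
my $stale = $store->encode( $data, time - 60 );
printf "expired cookie accepted:        %d\n", accepted( $store, $stale );

# 4. Changing secret_key invalidates every cookie issued under the old one.
my $rotated = Session::Storage::Secure->new( %config,
    secret_key => 'a different passphrase' );
printf "accepted after secret change:   %d\n", accepted( $rotated, $cookie );
```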