Security Advisories (1)
CVE-2026-9692 (2026-06-18)

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy sources that are unsuitable for security purposes.

NAME

Mojolicious::Plugin::SessionStore - session data store plugin for Mojolicious

SYNOPSIS

use Mojolicious::Lite;
use Plack::Session::Store::File;

plugin SessionStore => Plack::Session::Store::File->new;

DESCRIPTION

Mojolicious::Plugin::SessionStore is a session data store plugin for Mojolicious. It creates a Mojolicious::Sessions::Storable instance with the provided session data store instance.

OPTIONS

Mojolicious::Plugin::SessionStore accepts all options of Mojolicious::Sessions::Storable.

If a single option is provided, it is expected to be the session_store option of Mojolicious::Sessions::Storable.

If no option is provided, the default Mojolicious::Sessions will be used.
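
Added example (not part of this module's documentation or source): the id-generation pattern described in the advisory at the top of this page, next to a replacement that reads 32 bytes from the kernel CSPRNG. It assumes a Unix-like system with /dev/urandom and that Mojolicious::Sessions::Storable accepts a sid_generator code reference; the names weak_sid and secure_sid are hypothetical.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Illustration of the pattern the advisory describes (not the module's source):
# every input is predictable or low-entropy, and hashing adds no entropy.
sub weak_sid {
    return sha1_hex(rand() . time() . {} . $$);
}

# Replacement: hex-encode bytes read straight from the kernel CSPRNG.
# Assumes a Unix-like system that provides /dev/urandom.
sub secure_sid {
    my $len = 32;    # 256 bits of randomness
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = sysread $fh, my $buf, $len;
    close $fh;
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $len;
    return unpack 'H*', $buf;
}

# Wiring it in. 'session_store' is named in OPTIONS above; 'sid_generator' is
# assumed to be the Mojolicious::Sessions::Storable option for the generator.
#
#   plugin SessionStore => {
#       session_store => Plack::Session::Store::File->new,
#       sid_generator => \&secure_sid,
#   };

# Self-check when run as a script: format of each id, and no repeats.
unless (caller) {
    my %seen;
    for (1 .. 1000) {
        my $sid = secure_sid();
        die "bad format: $sid\n" unless $sid =~ /\A[0-9a-f]{64}\z/;
        die "duplicate id\n" if $seen{$sid}++;
    }
    my $weak = weak_sid();
    printf "weak   (%d hex chars): %s\n", length($weak), $weak;
    printf "secure (%d hex chars): %s\n", 64, secure_sid();
}
```

Session ids issued before the generator is replaced keep their original strength, so existing sessions should be expired when the change is deployed.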

METHODS

Mojolicious::Plugin::SessionStore inherits all methods from Mojolicious::Plugin.

AUTHOR

hayajo <hayajo@cpan.org>

COPYRIGHT

Copyright 2013- hayajo

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

Mojolicious, Mojolicious::Sessions, Mojolicious::Sessions::Storable, Plack::Middleware::Session