This is used to secure the cookies. Encryption keys and message
    authentication keys are derived from this using one-way functions.
    Changing it will invalidate all sessions.

    Number of seconds for which the session may be considered valid. If
    cookie_duration is not set as part of the session configuration, this
    is used instead to expire the session after a period of time,
    regardless of the length of the browser session. It is unset by
    default, meaning that sessions expiration is not capped.

    If set to true, the secret key will have the request address (as
    provided by <$request-address>>) appended to it. This can help defeat
    some replay attacks (e.g. if the channel is not secure). But it will
    also cause session interruption for people on dynamic addresses.

SYNOPSIS

      # In Dancer 2 config.yml file
    
      session: Cookie
      engines:
        session:
          Cookie:
            secret_key:           your secret passphrase
            default_duration:     604800
            with_request_address: 0

DESCRIPTION

    This module implements a session factory for Dancer 2 that stores
    session state within a browser cookie. Features include:

      * Data serialization and compression using Sereal

      * Data encryption using AES with a unique derived key per cookie

      * Enforced expiration timestamp (independent of cookie expiration)

      * Cookie integrity protected with a message authentication code (MAC)

    See Session::Storage::Secure for implementation details and important
    security caveats.

SEE ALSO

    CPAN modules providing cookie session storage (possibly for other
    frameworks):

      * Dancer::Session::Cookie -- Dancer 1 equivalent to this module

      * Catalyst::Plugin::CookiedSession -- encryption only

      * HTTP::CryptoCookie -- encryption only

      * Mojolicious::Sessions -- MAC only

      * Plack::Middleware::Session::Cookie -- MAC only

      * Plack::Middleware::Session::SerializedCookie -- really just a
      framework and you provide the guts with callbacks

      * Dancer2::Core::Role::SessionFactory -- documentation of the base
      package, some more attributes to configure the cookie

POD ERRORS

    Hey! The above document had some coding errors, which are explained
    below:

    Around line 1:

      Unknown directive: =attr

    Around line 7:

      Unknown directive: =attr

    Around line 15:

      Unknown directive: =attr