This is used to secure the cookies. Encryption keys and message

This is used to secure the cookies. Encryption keys and message
authentication keys are derived from this using one-way functions.
Changing it will invalidate all sessions.

Number of seconds for which the session may be considered valid. If
cookie_duration is not set, this is used instead to expire the session
after a period of time, regardless of the length of the browser
session. It is unset by default, meaning that sessions expiration is
not capped.

SYNOPSIS

# In Dancer 2 config.yml file

session: Cookie
engines:
session:
Cookie:
secret_key: your secret passphrase
default_duration: 604800

DESCRIPTION

This module implements a session factory for Dancer 2 that stores
session state within a browser cookie. Features include:

* Data serialization and compression using Sereal

* Data encryption using AES with a unique derived key per cookie

* Enforced expiration timestamp (independent of cookie expiration)

* Cookie integrity protected with a message authentication code (MAC)

See Session::Storage::Secure for implementation details and important
security caveats.

SEE ALSO

CPAN modules providing cookie session storage (possibly for other
frameworks):

* Dancer::Session::Cookie -- Dancer 1 equivalent to this module

* Catalyst::Plugin::CookiedSession -- encryption only

* HTTP::CryptoCookie -- encryption only

* Mojolicious::Sessions -- MAC only

* Plack::Middleware::Session::Cookie -- MAC only

* Plack::Middleware::Session::SerializedCookie -- really just a
framework and you provide the guts with callbacks

* Dancer2::Core::Role::SessionFactory -- documentation of the base
package, some more attributes to configure the cookie

POD ERRORS

Hey! The above document had some coding errors, which are explained
below:

Around line 1:

Unknown directive: =attr

Around line 7:

Unknown directive: =attr