There is two issues for me. This plugin does not care about CSRF vulnerable. User logout from your web site unexpectedly.There is no localization APIBut it works. #!/usr/bin/env use strict; use warnings; use 5.010001; use Plack::Builder; use Plack::Request; sub dispatch_secret { return [ 200, [], [<<'...'], <!doctype html> <html> <head> <title>This is a secret web page</title> </head> <body> <div