kayx23
commented
10 months ago I thought session expiry is something one could configure on the IdP side?
Open illidan33 opened 10 months ago
kayx23
commented
10 months ago I thought session expiry is something one could configure on the IdP side?
illidan33
commented
10 months ago I thought session expiry is something one could configure on the IdP side?
The session is set by plugin openid-connect when i use apisix. So it has nothing to do with idp, which does not control the session set by openid-connect.
kayx23
commented
10 months ago @lakshya8066 @Vacant2333 Please help with this question if you can, thanks.
Vacant2333
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
illidan33
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
@Vacant2333 Thank you! Can you add an extra field ‘rolling_timeout’?
Vacant2333
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
Thank you! Can you add an extra field ‘rolling_time’?
yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that
illidan33
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
Thank you! Can you add an extra field ‘rolling_time’?
yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that
Of course.
illidan33
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
Thank you! Can you add an extra field ‘rolling_time’?
yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that
Of course.
@Vacant2333 The following are common session configuration fields, please add them to the plugin, thank you.
Vacant2333
commented
10 months ago hello @illidan33 looks like we can add this parameter to the APISIX plugin
Thank you! Can you add an extra field ‘rolling_time’?
yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that
Of course.
@Vacant2333 The following are common session configuration fields, please add them to the plugin, thank you.
- cookie_name
- cookie_path
- cookie_http_only
- cookie_secure
- cookie_priority
- cookie_same_site
- cookie_same_party
- remember
- remember_safety
- remember_cookie_name
- stale_ttl
- idling_timeout
- rolling_timeout
- absolute_timeout
- remember_rolling_timeout
- remember_absolute_timeout
ok, i will need consider these was necessay, thanks!
Vacant2333
commented
10 months ago @kayx23 how do u think about add these parameters, can u help assign this issue to me? cc @shreemaan-abhishek
illidan33
commented
9 months ago @Vacant2333 Hi, will the update come online in the near future?
Revolyssup
commented
9 months ago @illidan33 Yes this is on the proposal stage currently so there is no fixed date but this task is on my plate
illidan33
commented
9 months ago @Vacant2333 @Revolyssup hi, I solved the issue. Can you take a look. [https://github.com/apache/apisix/pull/10919](session configuration)
Description
I want to set the session expiration time, but the documentation only supports 'secret'. The document only provides the secret parameter for configuring a session. Can you add support for other session configuration parameters.
The document's url is https://apisix.apache.org/zh/docs/apisix/plugins/openid-connect/
Openid-connect uses the lua-resty-sesseion package, which provides session configuration. Its address is https://github.com/bungle/lua-resty-session
Environment
apisix version): /usr/local/openresty//luajit/bin/luajit ./apisix/cli/apisix.lua version 3.7.0uname -a): Linux apisix-apisix-6d996f8c4f-tzjt8 4.19.91-26.6.al7.x86_64openresty -Vornginx -V): nginx version: openresty/1.21.4.2 built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1s 1 Nov 2022 (running with OpenSSL 1.1.1w 11 Sep 2023) TLS SNI support enabled configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DAPISIX_RUNTIME_VER=1.0.1 -DNGX_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_HTTP_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include' --add-module=../ngx_devel_kit-0.3.2 --add-module=../echo-nginx-module-0.63 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.33 --add-module=../ngx_lua-0.10.25 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.34 --add-module=../array-var-nginx-module-0.06 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --add-module=../ngx_stream_lua-0.0.13 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/wasmtime-c-api/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib' --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../mod_dubbo-1.0.2 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../ngx_multi_upstream_module-1.1.1 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0/src/stream --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0/src/meta --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../wasm-nginx-module-0.6.5 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../lua-var-nginx-module-v0.5.3 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../grpc-client-nginx-module-v0.4.4 --with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-http_ssl_module