search

bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License
320 stars 111 forks source link

stack traceback: coroutine 0: / attempt to index local 'session' (a nil value) #114

Closed ghost closed 3 years ago

ghost commented 4 years ago

Running the following code:

#!/usr/bin/env lua5.1

local sessionTime = 1800 --amount of seconds, a session is 'valid'
local requestsPerSession = 10 --maximum amount of requests before waf is triggered

local session, err = require "resty.session".start{
                 name = "waf",
                 storage = "redis",
                 strategy = "regenerate",
                 --see https://github.com/bungle/lua-resty-session#redis-storage-adapter for redis config parameters
                 redis = {
                    prefix = 'waf',
                    host =  '${REDIS_HOST}',
                    port = ${REDIS_PORT},
                 },
                 cookie = {
                    lifetime = 1800,
                    --renew = 1800,
                 },
                 secret = "secret" --required to set a fixed session secret, to prevent session lost on nginx restart / reload

            }

--debug
if session == nil then
     print(err)
end

local captcha = require 'captcha'
local base64 = require 'helperExt'

--user is not authorized
if not session.data.authorized then

Script is executed by:

    rewrite_by_lua_file /usr/local/openresty/nginx/html/waf.lua;

The script itself is runnning fine at the moment, but after a few hours we see a blank 500 Internal Server Error page, checking the logs we see:

/usr/local/openresty/nginx/html/waf.lua: in main chunk, client: 192.168.218.58, server: localhost, request: "GET / HTTP/1.1", host: "xyz" 2020/11/02 11:42:54 [error] 6#6: *35 lua entry thread aborted: runtime error: /usr/local/openresty/nginx/html/waf.lua:33: attempt to index local 'session' (a nil value) stack traceback: coroutine 0: /usr/local/openresty/nginx/html/waf.lua: in main chunk, client: 192.168.218.58, server: localhost, request: "GET / HTTP/1.1", host: "xyz" 192.168.218.58 - - [02/Nov/2020:11:42:54 +0000] "GET / HTTP/1.1" 500 174 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

Using:

openresty/openresty:stretch-fat
opm get bungle/lua-resty-session=3.6

Any idea where things go wrong / how we can debug?

bungle commented 4 years ago

This seems to not come from captcha.lua but waf.lua, what is inside waf.lua?

ghost commented 4 years ago

@bungle The captcha file itself only contains code (around 200 lines) to generate a captcha image. No redis session involved in this file, it's just using gd to generate images.

The script from above is waf.lua. I've corrected the rewrite_by_lua_file part. The problem seems to occur only after a few hours.

The output of print(err) are these lines I think:

stack traceback:
coroutine 0:

Any idea how to increase debug?

bungle commented 4 years ago

@pekineseZ, so it looks like both session and err are nil?

ghost commented 4 years ago

@bungle We've updated from 3.6 to 3.7, but reading the docs, there's no direct bugfix related to this issue I think. Please keep issue open for 7 days from now, we keep this under monitoring.

Debug we use now:

--debug
if session == nil then
     ngx.log(ngx.STDERR, 'ERROR SECTION TRIGGERED ' .. err)
end
bungle commented 3 years ago

@pekineseZ yes, sure I will. Let me know if you have any further feedback on this. I tried to find the bug, but I didn't. Still looking for it. Any new info welcomed! Thanks for reporting so far!

ghost commented 3 years ago

Can be closed, please include a donation info, this lib is just great.👍