bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License
319 stars 111 forks source link

Detect if decryption of cookie failed #145

Closed amlwwalker closed 2 years ago

amlwwalker commented 2 years ago

If someone were to tamper with the cookie, when you call session.open() is there a way to differentiate between there was no cookie, and a cookie that was corrupted and could not be decrypted?

amlwwalker commented 2 years ago

found it - undocumented

session.open() returns sessions, success, err