If session_secret variable is not specified, then it would use a module level generated secret, then if this library is not require in init_by_lua_block, the secrets are different in worker processes, right? If so, two consecutive requests for one session dispatched to different worker processes would failed to decrypt the session data, right?
So to make secrets consistent, either setting session_secret variable, or require it in init_by_lua_block, or specifiy it explicitly in opts to open/start, correct?
bungle
commented
1 year ago
If
session_secretvariable is not specified, then it would use a module level generated secret, then if this library is notrequireininit_by_lua_block, the secrets are different in worker processes, right? If so, two consecutive requests for one session dispatched to different worker processes would failed to decrypt the session data, right? So to make secrets consistent, either settingsession_secretvariable, or require it ininit_by_lua_block, or specifiy it explicitly in opts to open/start, correct?