If session_secret variable is not specified, then it would use a module level generated secret, then if this library is not require in init_by_lua_block, the secrets are different in worker processes, right? If so, two consecutive requests for one session dispatched to different worker processes would failed to decrypt the session data, right?
So to make secrets consistent, either setting session_secret variable, or require it in init_by_lua_block, or specifiy it explicitly in opts to open/start, correct?
If
session_secret
variable is not specified, then it would use a module level generated secret, then if this library is notrequire
ininit_by_lua_block
, the secrets are different in worker processes, right? If so, two consecutive requests for one session dispatched to different worker processes would failed to decrypt the session data, right? So to make secrets consistent, either settingsession_secret
variable, or require it ininit_by_lua_block
, or specifiy it explicitly in opts to open/start, correct?