Is there an option to disable data encryption when stored in Redis?

[mingfang]

We are storing session data inside Redis. Can we disable session data encryption?

[bungle]

Not currently. We can add an option for it.

[bungle]

I will implement pluggable ciphers soon. Stay tuned.

[bungle]

@mingfang,

This is now committed on ciphers branch: https://github.com/bungle/lua-resty-session/tree/ciphers

This commit contains support for pluggable ciphers: https://github.com/bungle/lua-resty-session/commit/c89be43d46ce90b74109a5da5b71dd8fe4ce8d32

The code should be backwards compatible.

I have now implemented two ciphers:

1. none or resty.session.ciphers.none
2. aes or resty.session.ciphers.aes

The second one is the default and it works like before. The none cipher is actually what you are looking for. It doesn't encrypt at all.

To use none adapter you need to specify this in Nginx config:

set $session_cipher none;

Or alternatively you can pass it to session constructor:

-- You can use new, open or start as a constructor
local session = require "resty.session".new{ cipher = "none" }

Can you please test it? If it works fine, we can release it as 2.1.

Remember that some encoding (base64 or hex) might still happen (cookie adapter encodes the value, but redis doesn't, for example).

Regards Aapo

[mingfang]

I just tested an it works great. Thank you very much for adding this feature.

[bungle]

Okay, thanks! This is now released as a part of Release 2.1.