bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License

about checking whether the sended session is right #33

Closed andyhx closed 7 years ago

andyhx commented 7 years ago

hello, i am new bb to web service, i am having problems using lua-resty-session. i am trying to verify that the session the browser sent originates from the nginx resty part or not. I have been searching for some time and I can't find a good example to follow. here are my codes:

    local session = require "resty.session".start
    {
       secret = "623q4hR325t36VsCD3g567922IC0073T",
       cookie = { persistent = true, lifetime = 280 }
    }
    session.open()
    if session.present then
        -- ngx.print(session.data.name)
        args.sessionids=session.data.name
        args.testsession=1
        args.datasession=session.data
        local ret=rpccall(red, '  LogininfofromSession', 100, args)
    end
    local ret=rpccall(red, 'LoigininfofromPasswordandUsername', 100, args)
    if(ret=='yes')then
        local session = require "resty.session".start
        {
        secret = "623q4hR325t36VsCD3g567922IC0073T",      
        cookie = { persistent = true, lifetime = 280 }
        }
        session.open()  
        session.data.name = "OpenResty Fan"     
        session:save()
    end

i try to debug step by step to find when the statement session.present will be stepped into. And i find that every time, even if it is not originally from resty session, it will step into it. what i want is simple. When the session sent is originally from openresty, call the "LogininfofromSession" function. When the session sent is not original, just skip this part and call the LoigininfofromPasswordandUsername function. And additionally, how can I get the session id from javascript? Can anyone show me an easy example, thank you so much!

bungle commented 7 years ago

First of all don't call open if you have already called start. It goes like this:

  1. new
  2. open (this will call new if needed)
  3. start (this will call open (and new) if needed)

bungle commented 7 years ago

Your usage is totally wrong. Why not just:

local session = require "resty.session".start {
    secret = "623q4hR325t36VsCD3g567922IC0073T",
    cookie = { persistent = true, lifetime = 280 }
}
if session.present then
    args.sessionids=session.data.name
    args.testsession=1
    args.datasession=session.data
    local ret=rpccall(red, '  LogininfofromSession', 100, args)
else
    -- what are the args here?
    local ret=rpccall(red, 'LoigininfofromPasswordandUsername', 100, args)
    if ret== "yes" then
        session.data.name = "OpenResty Fan"     
        session:save()
    end
end

bungle commented 7 years ago

To get session id in JS you need to disable http-only cookies (which you really shouldn't):

local session = require "resty.session".start {
    secret = "623q4hR325t36VsCD3g567922IC0073T",
    cookie = {
        persistent = true,
        lifetime = 280,
        httponly = false
    }
}

It is all documented here: https://github.com/bungle/lua-resty-session#boolean-sessioncookiehttponly

andyhx commented 7 years ago

thank u so much for ur reply. args are arguments got from nginx headers. I tried your code, but it seems it is not right: when printing session.data and session.data.name, their values are nil, they are empty. But if I add session.open() in the else part, sometimes session.data.name is nil or "OpenResty Fan"

    if session.present then ----------------------------------------- here how can i verify the session is from my client?
        args.sessionids=session.data.name
        args.testsession=1
        args.datasession=session.data
        local ret=rpccall(red, ' LogininfofromSession', 100, args)
    else
        -- what are the args here?
        local ret=rpccall(red, 'LoigininfofromPasswordandUsername', 100, args)
        if ret== "yes" then --------- if i add this sentence , it sometimes work
            session.open() ---------------------------new added
            session.data.name = "OpenResty Fan"
            session:save()
        end
    end

can u help me? why are the session data sometimes empty? the session is not expired

bungle commented 7 years ago

I need your full code. Try to make a minimal example that I can try out.

andyhx commented 7 years ago

hello @bungle, thanks so much, here are my codes

local args = ngx.req.get_uri_args()
ngx.req.read_body()
local h = ngx.req.get_headers()
local f = io.open(ngx.req.get_body_file(), 'rb')   
f:close()
local username=args.usr
local passwd=args.passwd
local session = require "resty.session".start{
secret = "623q4hR325t36VsCD3g567922IC0073T",
cookie = { persistent = true, lifetime = 20 } }
if session.present then     
    args.sessionids=session.data.name
----------- I only want to verify whether the session is from my client
    ngx.say(session.data.name)
    args.testsession=1
    args.datasession=session.data
    local ret=rpccall(red, 'LogininfoSession', 100, args)
else    
    local ret=rpccall(red, 'LogininfoUsePasswd', 100, args)
    if(ret==1)then
------------login success i want save the session       
        session.open()  
----------if open function is not here the  session data is always nil values   why?        
        session.data.usr = tostring(username)
        session.data.passwd = tostring(passwd)
        session.data.name = 'OpenResty Fan'         
        ngx.say(session.data.name)          
        session:save()
    end
end
--ret='yes'
ngx.say(json.encode(ret))

andyhx commented 7 years ago

@bungle, are these codes not enough? i can explain where you don't understand, thanks!

bungle commented 7 years ago

yes, I will look at it tomorrow.

bungle commented 7 years ago

@andyhx,

Ok, I have now looked at this. The problem is basically this:

attempt to set ngx.header.HEADER after sending out response headers,

This code works correctly (I removed all the extra stuff from there that has nothing to do with this issue):

location /test {
    content_by_lua_block {
        local session = require "resty.session".start {
            secret = "623q4hR325t36VsCD3g567922IC0073T",
            cookie = {
                persistent = true
            }
        }
        if session.present then
            ngx.log(ngx.ERR, session.data.name)
        else
            session.data.name = 'OpenResty Fan'
            ngx.log(ngx.ERR, session.data.name)
            session:save()
        end
    }
}

The problem is THESE lines in your code:

ngx.say(session.data.name)          
session:save()

See, you send body content there (and also see how I replaced ngx.say with ngx.log above). That means you cannot send headers anymore, e.g. a session cookie. If you change this to this:

session:save()
ngx.say(session.data.name)          

Your code will work just fine.

I can add an extra check in resty.session to check if headers have already been sent before trying to set the cookie, and raise an error in that case.
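A minimal handler in the order bungle describes (start once, never open() after it, save before any body output, leave the cookie http-only), as an added example that is not code from the issue or from lua-resty-session itself. It reuses the thread's `rpccall`, `red`, `LogininfoSession` and `LogininfoUsePasswd` names and assumes they are defined elsewhere; it also assumes `session:save()` returns `ok, err` as the 2.12 note describes.

```lua
-- Added example, not from the issue or from lua-resty-session itself.
location /login {
    content_by_lua_block {
        local cjson = require "cjson"
        local args  = ngx.req.get_uri_args()

        -- start() does new() + open(); never call session.open() after it.
        local session = require "resty.session".start {
            secret = "623q4hR325t36VsCD3g567922IC0073T",
            -- httponly stays at its default (true): the browser attaches the
            -- cookie by itself, page scripts do not need to read the id.
            cookie = { persistent = true, lifetime = 280 }
        }

        local ret
        if session.present then
            -- present means the cookie decoded, its MAC matched this secret
            -- and it has not expired: that is the "is it mine?" check.
            args.sessionids  = session.data.name
            args.testsession = 1
            ret = rpccall(red, 'LogininfoSession', 100, args)   -- from thread
        else
            ret = rpccall(red, 'LogininfoUsePasswd', 100, args) -- from thread
            if ret == 1 then
                -- keep only what later requests need; not the password
                session.data.usr  = tostring(args.usr)
                session.data.name = 'OpenResty Fan'
            end
        end

        -- The cookie is a response header, so every save() must happen
        -- before the first ngx.say/ngx.print; ngx.headers_sent guards that.
        if not session.present and ret == 1 then
            if ngx.headers_sent then
                ngx.log(ngx.ERR, "headers already sent, cannot set cookie")
                return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
            end
            local ok, err = session:save()   -- assumed to return ok, err
            if not ok then
                ngx.log(ngx.ERR, "session save failed: ", err)
                return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
            end
        end

        -- body output only now, after all header-affecting calls
        ngx.header["Content-Type"] = "application/json"
        ngx.say(cjson.encode({ ret = ret, name = session.data.name }))
    }
}
```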

bungle commented 7 years ago

I just released 2.12, which returns nil, error on session:start() etc. whenever you try to send a cookie if headers were already sent.

bungle commented 7 years ago

@andyhx, please close this if this is not an issue anymore.

andyhx commented 7 years ago

hi bungle, I am sorry to reply to u late, it works, thank u so much