search

bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License
318 stars 111 forks source link

Using redis with lua-resty-openidc #82

Open bpauwels opened 4 years ago

bpauwels commented 4 years ago

Hi,

I am trying to use redis as session store in combination with lua-resty-openidc but for some reason nginx is ignoring my config my set $session_storage redis; and continues to store it in cookies.

Here is my complete server section:

server { listen 8080 default_server; server_name ...; root /data/www;

set $session_name sess_auth; set $session_storage redis; set $session_redis_prefix nginx; set $session_redis_host redis.in.my.cluster.svc; set $session_redis_port 6379; set $session_redis_uselocking on; set $session_redis_spinlockwait 10000; set $session_redis_maxlockwait 30; set $session_redis_pool_timeout 45; set $session_redis_pool_size 10;

access_by_lua ' local opts = { redirect_uri = "..." ,
accept_none_alg = true, discovery = "..." , client_id = "...", client_secret = "...", redirect_uri_scheme = "http", logout_path = "/logout", redirect_after_logout_uri = "..." , redirect_after_logout_with_id_token_hint = false, session_contents = {id_token=true} } -- call introspect for OAuth 2.0 Bearer Access Token validation local res, err = require("resty.openidc").authenticate(opts) if err then ngx.status = 403 ngx.say(err) ngx.exit(ngx.HTTP_FORBIDDEN) end -- Set Headers ngx.req.set_header("REMOTE_USER", res.id_token.email) '; expires 0; add_header Cache-Control private; location / { } }

Any Idea whats wrong here? the session_name "sess_auth" is working fine...

Thanks

ghost commented 4 years ago

Please include a bit more code about how you use the lua-resty-session package itself to store content inside the session.

Have you tried a short test without lua-resty-openidc, just try to store some data inside the session, use redis-cli to make sure the session is stored inside redis. Using a redis cluster is not supported as far as I know (depending on how you 'define' cluster, K8s based redis clusters setups are not a problem, but a 'pure' redis cluster is not supported).

I suggest to create the session object directly using the constructor:

local session = require "resty.session".start{
    name = "xyz",
    storage = "redis",
    redis = {
    }
},

this makes debugging inside the part of code where you store data inside the session easier.

bpauwels commented 4 years ago

Now I have tried it without openidc:

server {
       listen     8080 default_server;
       server_name ...;
       root /data/www;

      location / {

            content_by_lua '
                local session = require "resty.session".start{
                    name = "sess_auth",
                    storage = "redis",
                    redis = {
                        prefix      =  "nginx",
                        host        =  "my-redis.svc",
                        port        =  6379,
                        uselocking  =  "on",
                        spinlockwait =  10000,
                        maxlockwait  =  30,
                        pool_size    = 10,
                        timeout      =  45,
                    }
                }
                ngx.say("<html><body>Hello World!</body></html>")
            ';

                }
}

I get my Hello World page with the session stored in a cookie. No keys created in Redis.

The redis istance (it is not a cluster, just a single instance) is just working fine: I have configured PHP to store it's session information there and can see those keys with redis-cli