bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License

session_cookie_maxsize - error attempt to compare string with number #98

Closed vavra5 closed 4 years ago

vavra5 commented 4 years ago

Hello,

I'm trying to configure the max cookie size for my session cookie. The library I'm using is lua-resty-openidc which implements lua-resty-session. When I attempt to configure the session options, I'm getting this error. I tried just copying the default value of 4000 for max cookie size from the documentation.

The settings I'm trying to set for session:

    server {
      server_name  127.0.0.1;
      listen 80;

      set $session_name              session;
      set $session_secret            supersecret;
      set $session_strategy          default;
      set $session_storage           cookie;
      set $session_hmac              sha1;
      set $session_cipher            aes;
      set $session_encoder           base64;
      set $session_serializer        json;
      set $session_cookie_persistent off;
      set $session_cookie_path       /;
      set $session_cookie_samesite   Lax;
      set $session_cookie_secure     on;
      set $session_cookie_httponly   on;
      set $session_cookie_delimiter  |;
      set $session_cookie_maxsize    4000;
      set $session_check_ua          on;
      set $session_check_scheme      on;
      set $session_check_addr        off;
      set $session_aes_mode          cbc;
      set $session_aes_size          256;
      set $session_aes_hash          sha512;
      set $session_aes_rounds        1;

      # ... nginx location configuration
    }

The error I receive:

    2020/05/06 17:35:38 [error] 13#13: *1 lua entry thread aborted: runtime error: /usr/local/openresty/site/lualib/resty/session.lua:210: attempt to compare string with number
    stack traceback:

    coroutine 0:
        /usr/local/openresty/site/lualib/resty/session.lua: in function 'get_cookie'
        /usr/local/openresty/site/lualib/resty/session.lua:538: in function 'open'
        /usr/local/openresty/site/lualib/resty/session.lua:560: in function 'start'
        /usr/local/openresty/site/lualib/resty/openidc.lua:1361: in function 'authenticate'
        access_by_lua(frontend.conf:541):52: in main chunk, client: 127.0.0.1, server: 127.0.0.1, request: "GET /hello-world HTTP/1.1", host: "127.0.0.1"

bungle commented 4 years ago

@vavra5, yes there is a bug with that. I am fixing it. The 4000 is the default, so just do not specify it.
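
The failure mode in this thread, as an added example that is not part of the issue and not lua-resty-session's own code or fix: values assigned with nginx `set` reach Lua through `ngx.var` as strings, so an uncoerced size setting breaks a numeric comparison and aborts the request. The helper `to_size`, the variable names and the sample cookie are hypothetical, and a plain string stands in for `ngx.var.session_cookie_maxsize` so the block runs in stock Lua or LuaJIT.

```lua
-- Added example: hypothetical helper names, not lua-resty-session code.
local DEFAULT_MAXSIZE = 4000  -- default value quoted in the issue

-- Coerce a setting that may arrive as a string (nginx `set` variables
-- read through ngx.var are always strings) into a positive integer.
-- Returns the number, or nil plus an error message for unusable input.
local function to_size(raw, default)
  if raw == nil or raw == "" then
    return default
  end
  local n = tonumber(raw)
  if not n or n < 1 or n ~= math.floor(n) then
    return nil, "invalid cookie maxsize: " .. tostring(raw)
  end
  return n
end

-- Constructed stand-in for ngx.var.session_cookie_maxsize.
local raw = "4000"
-- Constructed cookie value that is longer than the limit.
local cookie = string.rep("A", 4500)

-- Uncoerced comparison: Lua refuses to order a string against a number.
-- pcall captures the runtime error instead of aborting the script.
local ok, err = pcall(function() return raw < #cookie end)
print("uncoerced:", ok, err)

-- Coerced comparison: the limit is a number before it is ever compared.
local maxsize = assert(to_size(raw, DEFAULT_MAXSIZE))
print("coerced:", maxsize < #cookie)

-- Unset setting falls back to the default; garbage is rejected at
-- configuration time rather than failing on every request.
print("unset:", to_size(nil, DEFAULT_MAXSIZE))
print("garbage:", to_size("4k", DEFAULT_MAXSIZE))
```

Because the error in the log is raised inside `access_by_lua`, every request that reaches session handling fails until the setting is removed or coerced, which is why validating such values once at load time is preferable to comparing them per request.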