openresty / encrypted-session-nginx-module

encrypt and decrypt nginx variable values
http://openresty.org

Question or Feature - Cache session in map ( instead of decrypt ) #8

Closed tjunussov closed 8 years ago

tjunussov commented 8 years ago

Great work!! Is it possible to cache/store the cookie id inside a session map, in order not to generate a signature on every request but just look up the cookie inside the map?

I am concerned about performance, because as I understand, signatures are generated on every request.

agentzh commented 8 years ago

@tjunussov No, sessions are not generated upon every request, but only upon login. You can pass around the generated sessions in your own cookie or request arguments, for example.

tjunussov commented 8 years ago

I see, @agentzh. What about decryption, does it happen on every request? I would like my backend to receive only a header with REMOTE_USER.

Here is how my app is supposed to work:

1) When I visit mydomain.com, nginx doesn't find a cookie and redirects to auth.mydomain.com.
2) On the auth domain there is nginx's auth basic (or whatever, I will do some other service to authorize).
3) If the auth domain succeeds, nginx generates/encrypts the username in a cookie and redirects to mydomain.com.
4) nginx finds the cookie, decrypts it, and passes it to my backend with the HTTP header REMOTE_USER = myusername.

I think your module perfectly matches these requirements, but I am concerned about whether decryption will happen on every request; maybe there is a need for some sort of cache (map the encrypted session to its value).

agentzh commented 8 years ago

@tjunussov Well, decryption is usually very fast, especially when you only encode a user ID in it. Better benchmark and profile things before trying to optimize and cache. This is because the caching overhead might outweigh the decryption overhead itself.

tjunussov commented 8 years ago

ok! will try, thanks
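
Steps 1 and 4 of the flow described in this thread, written out as an added example that is not part of the original discussion or the module's own documentation: the cookie is decoded and decrypted on every request, with no cache in front of it. The cookie name `session`, the backend address, and the key and IV are placeholders chosen here; the cookie is assumed to have been issued on the auth host with `set_encrypt_session` and `set_encode_base32` under the same key and IV, and `set_decode_base32` comes from set-misc-nginx-module.

```nginx
# Added example: per-request decryption on mydomain.com (steps 1 and 4).
# Key and IV below are placeholders; the key must be exactly 32 bytes and
# must match the values used on the host that issues the cookie.
encrypted_session_key     "REPLACE_WITH_32_BYTE_SECRET_KEY_";
encrypted_session_iv      "REPLACE_16B_IV__";
encrypted_session_expires 1d;

server {
    listen 80;
    server_name mydomain.com;

    location / {
        # Cookie value is base32 text; turn it back into raw ciphertext.
        # "session" is a hypothetical cookie name.
        set_decode_base32   $enc  $cookie_session;

        # Decrypt and verify. $user is left empty when the cookie is
        # missing, has been tampered with, or has expired.
        set_decrypt_session $user $enc;

        # Step 1: no valid session, send the browser to the auth host.
        if ($user = '') {
            return 302 http://auth.mydomain.com/;
        }

        # Step 4: the backend sees the identity only through this header,
        # whose value comes solely from the decrypted cookie.
        proxy_set_header REMOTE_USER $user;

        # Hypothetical backend address.
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Load-testing this location with and without the two `set_*` lines gives the per-request cost of decryption, which is the number to compare against any cache lookup before adding one.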