Closed tjunussov closed 8 years ago
agentzh
commented
8 years ago @tjunussov No, sessions are not generated upon every request, but only upon login. You can pass around the generated sessions in your own cookie or request arguments, for example.
tjunussov
commented
8 years ago Ic @agentzh , What about decryption,Is it happen on every request? I would like to my backend recieves only Header with REMOTE_USER
1) when i visit mydomain.com nginx doest find cookie and redirects to auth.mydomain.com 2) on auth domain there is nginx's authbasic ( or whatever, i will do some another service to authorize 3) if auth domain is succeeded, nginx generates/encrypts username in Cookie and redirects to mydomain.com 4) nginx finds cookie, decrypts, and passes to my backend with http header REMOTE_USER = myusername
I think your module perfectly matches this requirements, but i concerned about, wil decryption happens on every request, maybe there is need some sort of cache ( map crypted session to its value )
agentzh
commented
8 years ago @tjunussov Well, decryption is usually very fast, especially when you only encode a user ID in it. Better benchmark and profile things before trying to optimize and cache. This is because the caching overhead might outweigh the decryption overhead itself.
tjunussov
commented
8 years ago ok! will try, thanks
Great work!! Is it possible to cache/store cookie id inside session map, in order not to generate signature on every request but just looking up for cookie inside the map,
I am concerned about performance, because as i understand signatures generated on every request.