Aapo Talvensaari

Results 278 comments of Aapo Talvensaari

> Aapo, is there a way to fix the performance problem without a breaking change? Perhaps giving users a knob to disable reading bodies (and then calling that out in...

> Are you more open to an alternate where we introduce a net new schema field that toggles the behavior of reading bodies or not? As said, there is already...

@outsinre can you also explain the security vulnerability? I guess this is somewhat related to connection pooling that can be shared by some other app?

This library supports `pool_name`: https://github.com/bungle/lua-resty-session/blob/master/lib/resty/session/redis.lua#L191 So I guess it is just the default pool name generation (which this library does not try to do, it leaves that to either user...

To be honest, I don't see any problem with this library. Should we have default pool name generation? Not sure. Should it be part of the `resty.redis` library, why here? Or...

@CX-ZG most likely a difference in OpenSSL version (are you on 1.1.x?). Which version are you running?

Perhaps we need to `pcall` this and default to `false` in case it fails.

@oldium I think there are two ways to fix this: you call `:save` if the session was inexistent OR the lib calls `:save` when the session was new here: https://github.com/bungle/lua-resty-session/blob/master/lib/resty/session.lua#L2726. Perhaps `:destroy`...

I think why we skipped the `save` on `start` when the session was inexistent was that you rarely want to have a session that has no data. But making `:destroy` a...