Aapo Talvensaari
Aapo Talvensaari
> it might happen that when user without cookies visits directly the logout URI @oldium, why aren't you then just calling: ```lua require("resty.session").destroy([{ ... config ... }]) ``` Meanwhile I...
@oldium, a couple of notes: > is not even part of the session instance API Yes, that is what I am thinking. There is `session.state` which reports the state but...
@starsz, please do so. I would be happy to merge it.
@shawnchapla-8451 it looks like it is using `resty.openidc` (https://github.com/zmartzone/lua-resty-openidc). It looks to have this parameter: `session_contents = {id_token=true}` ``` -- Whitelist of session content to enable. This can be used...
@shawnchapla-8451 you could also try to get tokens smaller on IDP, e.g. less claims. perhaps using different crypto that generates smaller signatures, perhaps utilize opaque tokens instead of jwt tokens...
what kind of error you get? can you provide a way to reproduce?
@RandomCivil, yes, that is expected, `ngx.location.capture` does not work with `http2`.
It is possible to delete sessions that use storage other than `cookie`. Currently we have no way to maintain a revocation list for sessions that are stored on cookie storage....
@GYWang1983, @kingluo, I am currently working on 4.0 version of the library. It will come with a lot of stuff. I hope to release it within couple of weeks. I...
@GYWang1983, upgrade to 4.0 and enable `store_metadata`. Here is quick script for `redis` storage that I got from co-worker: ``` echo -n "[YOUR_USER]" | base64 | sed 's/..$//' | xargs...