ruby-openid icon indicating copy to clipboard operation
ruby-openid copied to clipboard
verified publisher icon openid

add encrypted cookie store

Open aaronpk opened this issue 10 years ago • 1 comments

Would it be possible to add the option for storing state in an encrypted cookie? It looks like it'd just be a matter of adding a new store class.

The problem I'm running in to is I'm running an OpenID server on a load balanced domain with three physically separate servers that don't share any state. All my other session handling is done by storing data in encrypted cookies so any server can handle the request.

aaronpk avatar Sep 19 '15 22:09 aaronpk

It's possible to extend with custom stores. See for example the Redis store. It shouldn't be too much work to implement it yourself.

I'm not sure about the security implications, as it does kind of compromise some of the principles. But if the encryption is strong enough, it might be okay. (I'm not a security expert.)

Alternatives would be to either add a shared session storage, with e.g. Redis, or configure the load balancer to ensure requests coming from a client always goes to the same server.

tobiashm avatar Sep 21 '15 20:09 tobiashm

This repo is being archived. Closing issue.

timcappalli avatar Jul 24 '23 18:07 timcappalli