lua-resty-openidc

session locked error when using shm storage adapter

Open · tanmaykm opened this issue 3 years ago • 1 comment

I have been facing a strange issue while trying to use server side session storage adapters with this package, which results in a "session locked" error when using the shm adapter.

Environment

  • lua-resty-openidc v1.7.4-1
  • openresty 1.19.3.1 (using the official docker image)

Expected behaviour

The oidc flow to work irrespective of the session storage adapter used.

Actual behaviour

With the shm storage adapter, the openid flow always fails with a "session locked" error when the redirected response reaches the /auth/login endpoint. But with other session storage adapters (tried with cookie and memcached), or with shm without locking, things seem fine.

Minimized example and configuration

Uncomment the relevant session_storage setting for each scenario. And the oidc options need to be specified.

http {
    lua_shared_dict sessions    10m;
    ...
    server {
        set $session_secret                     ------;
        server_name                             localhost;
        root                                    /home;
        index                                   index.html;
        listen                                  8888;

        #set $session_storage                    shm;
        set $session_shm_store                  sessions;
        set $session_shm_uselocking             on;

        set $session_storage                    memcache;
        set $session_memcache_prefix           sessions;
        set $session_memcache_host             172.17.0.2;
        set $session_memcache_port             11211;
        set $session_memcache_uselocking       on;

        add_header Content-Type "text/html" always;
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;

        location ~ /auth/login {
            access_by_lua '
                local opts = {
                    redirect_uri = "/auth/login",
                    discovery = "----",
                    token_endpoint = "----",
                    client_id = "----",
                    client_secret = "----",
                }
                local res, err = require("resty.openidc").authenticate(opts)
                if err then
                    ngx.status = 500
                    -- throws session locked error here
                    ngx.say("auth login error: "..(err or "nilerr"))
                    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
                else
                    ngx.say("success")
                end
            ';
        }
        location ~ /sesstest/start {
            include     mime.types;
            access_by_lua '
                local opts = {
                    redirect_uri = "/auth/login",
                    discovery = "----",
                    token_endpoint = "----",
                    client_id = "----",
                    client_secret = "----",
                }
                local res, err, u, session = require("resty.openidc").authenticate(opts)
                if err then
                    ngx.status = 500
                    ngx.say(err)
                    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
                else
                    if session then
                        session.data.name = "Me"
                        session:save()
                        session:close()
                        ngx.say("<html><body>Session has started. ", "<a href=/sesstest/test>Check if it is working</a>!</body></html>")
                    else
                        ngx.say("<html><body>Session did not start. "..(err or "nilerr"))
                    end
                end
            ';
        }
        location ~ /sesstest/test {
            include     mime.types;
            content_by_lua '
                local sess = require "resty.session"
                local session = sess.open()
                ngx.say("<html><body>Session was started by <strong>", session.data.name or "Anonymous", "</strong>! <a href=/sesstest/modify>Modify the session</a>.</body></html>")
                session:close()
            ';
        }
    }
}

Is the way I am using the package incorrect, or is the oidc flow or the way this package uses the session store somehow causing this?

tanmaykm, May 15 '21 09:05

Well, the cookie storage doesn't perform any locking, so you cannot experience locks. :-)

I've never used the shm backend myself. Maybe somebody over at lua-resty-session is better equipped to help than me.

bodewig, May 22 '21 14:05