brentmjohnson commented on issue #8017: URL: https://github.com/apache/apisix/issues/8017#issuecomment-1263514017
@kingluo that is what I understand as well - that session:close() should be safe to call explicitly regardless of the configured storage implementation (supported by the underlying [bungle/lua-resty-session](https://github.com/bungle/lua-resty-session)). I am happy to make a PR for the change, but it will be a few weeks until I can get to it if that is okay. One note on the current cookie storage implementation. It seems like with nginx.conf worker_processes != 1, there are no guarantees for worker affinity for subsequent connections to the same protected route. When the request is handled by a different worker, the session cookie is not valid. I believe the result is actually a plugin error rather than a redirect to the auth endpoint. Since APISIX ships with worker_processes: auto as the default, it might be worth considering moving to the [shared-dictionary-storage-adapter](https://github.com/bungle/lua-resty-session#shared-dictionary-storage-adapter) as a new default session store. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
