kingluo commented on issue #8017: URL: https://github.com/apache/apisix/issues/8017#issuecomment-1263720882
> One note on the current cookie storage implementation. It seems like with nginx.conf worker_processes != 1, there are no guarantees for worker affinity for subsequent connections to the same protected route. When the request is handled by a different worker, the session cookie is not valid. I believe the result is actually a plugin error rather than a redirect to the auth endpoint. No, there are two misunderstanding here. * The storage only determines where to store the session. It does not change the fact that the session key comes from the cookie. That is, even if you set the storage adapter as shm, when you request to different route with different host setting (keep in mind that the cookie is only bound to the host, without scheme and port), you do not get the same session, because the cookie is different. * The routes are shared by all worker processes. Even if you keep sending requests to the same worker process but with different hosts, you still get different results. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
