kingluo commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-1264279282
> For those still struggling with that, by default resty.session will try to
use `aes` as the encryption algorithm for the cookie that holds the session,
but without setting `session_secret` `session.start` will fail with the reason
`EVP_DecryptFinal_ex`, to avoid that you have to set it with a 32 bytes random
value. If using the helm chart to spin up apisix, this should do the trick
>
> ```yaml
> configurationSnippet:
> httpSrv: |
> set $session_secret 8044c47e83b5ac9bb7c868eb8b202e93;
> ```
The nginx variable would make all openidc instances use the same secret.
So the best way is to distinguish the host and set it accordingly.
```lua
set_by_lua_block $session_secret {
local secrets = {
["foo.domain"] = "xxx",
["bar.domain"] = "yyy",
}
return secrets[ngx.var.host]
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
