damoshushu opened a new pull request, #11286:
URL: https://github.com/apache/apisix/pull/11286

   ### Description
   
   In some cases, we need to provide different identity providers for different 
paths within the same host. However, APISIX uses the name "session" to store the 
cookie, which will cause the cookie to be overwritten by the following 
authentication action.
   
   For example,
   - uri: /web/app1 uses OIDC with client_id_a
   - uri: /web/app2 uses another OIDC with client_id_b
   
   If we access /web/app1, after authentication, the auth cookie will be stored 
as "session". Then we access /web/app2; after authentication, the auth cookie 
will be overwritten with `client_id_b`. Now we access /web/app1, and the 
`client_id_b`'s token will be passed to app1.
   
   Fixes # (issue)
   
   https://github.com/apache/apisix/issues/11229
   https://github.com/apache/apisix/issues/9834
   
   ### Checklist
   
   - [v] I have explained the need for this PR and the problem it solves
   - [v] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [v] I have updated the documentation to reflect this change
   - [v] I have verified that this change is backward compatible (If not, 
please discuss on the [APISIX mailing 
list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
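
The overwrite described in the pull request, modelled as an added example (not code from the PR or from APISIX). It assumes the session cookie is set for the whole host with `Path=/`; the host name `gw.example`, the route table and the `session_<client_id>` naming are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations

# Constructed route table mirroring the PR description; "cookie" is the
# session cookie name the gateway uses on that route.
ROUTES = [
    {"uri": "/web/app1", "client_id": "client_id_a", "cookie": "session"},
    {"uri": "/web/app2", "client_id": "client_id_b", "cookie": "session"},
]


@dataclass
class Browser:
    # RFC 6265: a stored cookie is identified by (name, domain, path); a later
    # Set-Cookie with the same triple replaces the earlier value.
    jar: dict = field(default_factory=dict)

    def store(self, name, value, domain="gw.example", path="/"):
        self.jar[(name, domain, path)] = value

    def read(self, name, domain="gw.example", path="/"):
        return self.jar.get((name, domain, path))


def visit_sequence(routes):
    """Log in on each route in order, then return the session value that a
    follow-up request to the first route carries."""
    browser = Browser()
    for r in routes:
        browser.store(r["cookie"], "token-for-" + r["client_id"])
    return browser.read(routes[0]["cookie"])


def colliding_routes(routes):
    """Audit: pairs of routes bound to different clients that share a cookie name."""
    return [(a["uri"], b["uri"]) for a, b in combinations(routes, 2)
            if a["cookie"] == b["cookie"] and a["client_id"] != b["client_id"]]


def with_distinct_names(routes):
    """Hypothetical mitigation: derive the cookie name from the client id."""
    return [dict(r, cookie="session_" + r["client_id"]) for r in routes]
```

`colliding_routes` can be run over an exported route list to find same-host routes that would share a session cookie across identity providers.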
