This is an automated email from the ASF dual-hosted git repository.

shreemaan-abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 01cf1e9d5 refactor(cas-auth): drop unnecessary raw Cookie header 
fallback (#13635)
01cf1e9d5 is described below

commit 01cf1e9d593db0c10d28e9d5887a553b53cddf6f
Author: Shreemaan Abhishek <[email protected]>
AuthorDate: Thu Jul 2 12:48:01 2026 +0800

    refactor(cas-auth): drop unnecessary raw Cookie header fallback (#13635)
---
 apisix/plugins/cas-auth.lua | 26 ++------------------------
 1 file changed, 2 insertions(+), 24 deletions(-)

diff --git a/apisix/plugins/cas-auth.lua b/apisix/plugins/cas-auth.lua
index 08dfc0d72..f179c9f92 100644
--- a/apisix/plugins/cas-auth.lua
+++ b/apisix/plugins/cas-auth.lua
@@ -173,28 +173,6 @@ local function set_our_cookie(conf, name, val)
     core.response.add_header("Set-Cookie", name .. "=" .. val .. 
cookie_attrs(conf))
 end
 
--- nginx's $cookie_<name> variable doesn't reliably expose cookies whose names
--- exceed certain lengths in older OpenResty builds (the per-config cookie name
--- is "CAS_SESSION_<sha256-hex>"). Parse the raw Cookie header as a fallback.
-local function get_cookie(ctx, name)
-    local val = ctx.var["cookie_" .. name]
-    if val ~= nil then
-        return val
-    end
-    local cookie_header = ctx.var.http_cookie
-    if not cookie_header then
-        return nil
-    end
-    local prefix = name .. "="
-    for piece in (cookie_header .. ";"):gmatch("([^;]+);") do
-        piece = piece:gsub("^%s+", "")
-        if piece:sub(1, #prefix) == prefix then
-            return piece:sub(#prefix + 1)
-        end
-    end
-    return nil
-end
-
 local function compute_hmac(secret, val)
     local m, err = openssl_mac.new(secret, "HMAC", nil, "sha256")
     if not m then return nil, err end
@@ -357,7 +335,7 @@ end
 
 local function logout(conf, ctx)
     local opts = session_opts(conf)
-    local session_id = get_cookie(ctx, opts.cookie_name)
+    local session_id = ctx.var["cookie_" .. opts.cookie_name]
     if session_id == nil then
         return ngx.HTTP_UNAUTHORIZED
     end
@@ -399,7 +377,7 @@ function _M.access(conf, ctx)
         return ngx.HTTP_OK
     else
         local opts = session_opts(conf)
-        local session_id = get_cookie(ctx, opts.cookie_name)
+        local session_id = ctx.var["cookie_" .. opts.cookie_name]
         if session_id ~= nil then
             return with_session_id(conf, ctx, opts, session_id)
         end

Reply via email to