Using redis with lua-resty-openidc

[bpauwels]

Hi,

I am trying to use redis as session store in combination with lua-resty-openidc but for some reason nginx is ignoring my config my set $session_storage redis; and continues to store it in cookies.

Here is my complete server section:

server {
listen 8080 default_server;
server_name ...;
root /data/www;

set $session_name sess_auth;
set $session_storage redis;
set $session_redis_prefix nginx;
set $session_redis_host redis.in.my.cluster.svc;
set $session_redis_port 6379;
set $session_redis_uselocking on;
set $session_redis_spinlockwait 10000;
set $session_redis_maxlockwait 30;
set $session_redis_pool_timeout 45;
set $session_redis_pool_size 10;

access_by_lua '
local opts = {
redirect_uri = "..." ,
accept_none_alg = true,
discovery = "..." ,
client_id = "...",
client_secret = "...",
redirect_uri_scheme = "http",
logout_path = "/logout",
redirect_after_logout_uri = "..." ,
redirect_after_logout_with_id_token_hint = false,
session_contents = {id_token=true}
}
-- call introspect for OAuth 2.0 Bearer Access Token validation
local res, err = require("resty.openidc").authenticate(opts)
if err then
ngx.status = 403
ngx.say(err)
ngx.exit(ngx.HTTP_FORBIDDEN)
end
-- Set Headers
ngx.req.set_header("REMOTE_USER", res.id_token.email)
';
expires 0;
add_header Cache-Control private;
location / {
}
}

Any Idea whats wrong here? the session_name "sess_auth" is working fine...

Thanks

[ghost]

Please include a bit more code about how you use the lua-resty-session package itself to store content inside the session.

Have you tried a short test without lua-resty-openidc, just try to store some data inside the session, use redis-cli to make sure the session is stored inside redis.
Using a redis cluster is not supported as far as I know (depending on how you 'define' cluster, K8s based redis clusters setups are not a problem, but a 'pure' redis cluster is not supported).

I suggest to create the session object directly using the constructor:

local session = require "resty.session".start{
    name = "xyz",
    storage = "redis",
    redis = {
    }
},

this makes debugging inside the part of code where you store data inside the session easier.

[bpauwels]

Now I have tried it without openidc:

server {
       listen     8080 default_server;
       server_name ...;
       root /data/www;

      location / {
      
            content_by_lua '
                local session = require "resty.session".start{
                    name = "sess_auth",
                    storage = "redis",
                    redis = {
                        prefix      =  "nginx",
                        host        =  "my-redis.svc",
                        port        =  6379,
                        uselocking  =  "on",
                        spinlockwait =  10000,
                        maxlockwait  =  30,
                        pool_size    = 10,
                        timeout      =  45,
                    }
                }
                ngx.say("<html><body>Hello World!</body></html>")
            ';
      
                }
}

I get my Hello World page with the session stored in a cookie. No keys created in Redis.

The redis istance (it is not a cluster, just a single instance) is just working fine: I have configured PHP to store it's session information there and can see those keys with redis-cli