Understanding how session check parameters work #128
Comments
|
And you can see usage here: |
|
would it be possible to get feedback from from session.present as to why a session is not present? EX: tampered cookie, user agent switch, etc... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using lua resty session in an api gateway I am implementing, & I want to include some security features that will block a user from stealing another users session.
I found in the documentation these fields that seem to do what I want:
session.check.ssisession.check.uasession.check.addrsession.check.schemaBut I am not quite sure how do they work... I couldn't find any segment in the
lua-resty-sessioncode that validates the request with these checks...Can someone explain to me how & where does
lua-resty-sessionactually check that the request came from the same ssl session / user agent / client address / schema?And what happens if a request does not match one of these parameters?
The text was updated successfully, but these errors were encountered: