From 0cd4c2444fb6fb08624fb536163086e9236cb310 Mon Sep 17 00:00:00 2001 From: Aapo Talvensaari Date: Thu, 25 Sep 2025 09:15:31 +0000 Subject: [PATCH] fix(*): timeout remember cookies instead of deleting ### Summary There are use cases where immediate deletion of remember cookies causes issues. Those use cases mostly happen in client browser based JS apps, single page apps, where the login semantics is not clearly separated from the app. --- Changes.md | 5 + README.md | 3 +- docs/index.html | 2 +- docs/modules/resty.session.dshm.html | 54 +++---- docs/modules/resty.session.file.html | 54 +++---- docs/modules/resty.session.file.thread.html | 76 +++++---- docs/modules/resty.session.file.utils.html | 44 ++--- docs/modules/resty.session.html | 82 +++++----- docs/modules/resty.session.memcached.html | 54 +++---- docs/modules/resty.session.mysql.html | 54 +++---- docs/modules/resty.session.postgres.html | 54 +++---- docs/modules/resty.session.redis.cluster.html | 54 +++---- docs/modules/resty.session.redis.common.html | 66 ++++---- docs/modules/resty.session.redis.html | 54 +++---- .../modules/resty.session.redis.sentinel.html | 54 +++---- docs/modules/resty.session.shm.html | 54 +++---- docs/modules/resty.session.utils.html | 152 +++++++++--------- lib/resty/session.lua | 2 +- lib/resty/session/dshm.lua | 10 +- lib/resty/session/file.lua | 1 - lib/resty/session/file/thread.lua | 20 +-- lib/resty/session/memcached.lua | 9 +- lib/resty/session/mysql.lua | 11 +- lib/resty/session/postgres.lua | 11 +- lib/resty/session/redis.lua | 1 - lib/resty/session/redis/cluster.lua | 1 - lib/resty/session/redis/common.lua | 23 +-- lib/resty/session/redis/sentinel.lua | 1 - lib/resty/session/shm.lua | 20 +-- spec/04-storage-1_spec.lua | 29 +--- spec/05-storage-2_spec.lua | 28 +--- 31 files changed, 484 insertions(+), 599 deletions(-) diff --git a/Changes.md b/Changes.md index 27c026d2..f67bba23 100644 --- a/Changes.md +++ b/Changes.md @@ -2,6 +2,11 @@ All notable changes to `lua-resty-session` will be documented in this file. +## [4.1.5] - TBD +### Changed +- fix(*): timeout remember cookies instead of deleting + + ## [4.1.4] - 2025-08-11 ### Fixed - fix(redis-cluster): correctly pass username and password diff --git a/README.md b/README.md index ae131fb0..8f3f2e45 100644 --- a/README.md +++ b/README.md @@ -1386,10 +1386,9 @@ end -- @tparam[opt] string old_key old session id -- @tparam string stale_ttl stale ttl -- @tparam[opt] table metadata table of metadata --- @tparam boolean remember whether storing persistent session or not -- @treturn true|nil ok -- @treturn string error message -function metatable:set(name, key, value, ttl, current_time, old_key, stale_ttl, metadata, remember) +function metatable:set(name, key, value, ttl, current_time, old_key, stale_ttl, metadata) -- NYI end diff --git a/docs/index.html b/docs/index.html index 242ace42..cba09bb1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -121,7 +121,7 @@

Modules

generated by LDoc 1.5.0 -Last updated 2025-07-29 12:02:00 +Last updated 2025-09-25 09:16:46
diff --git a/docs/modules/resty.session.dshm.html b/docs/modules/resty.session.dshm.html index 1dd553b6..aec37b1f 100644 --- a/docs/modules/resty.session.dshm.html +++ b/docs/modules/resty.session.dshm.html @@ -85,7 +85,7 @@

Constructors

Storage

- + @@ -185,7 +185,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -155,7 +155,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -95,7 +95,7 @@

Functions

- module.set (path, prefix, suffix, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember) + module.set (path, prefix, suffix, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata])
Store session data. @@ -104,27 +104,27 @@

Functions

Parameters:

Returns:

  1. - table or nil + table or nil session metadata
  2. - string + string error message
@@ -180,23 +176,23 @@

Returns:

Parameters:

@@ -204,10 +200,10 @@

Parameters:

Returns:

  1. - string or nil + string or nil session data
  2. - string + string error message
@@ -226,23 +222,23 @@

Returns:

Parameters:

  • path - string + string the path where sessions are stored
  • prefix - string + string the prefix for session files
  • suffix - string + string the suffix for session files
  • name - string + string the cookie name
  • key - string + string session key
  • current_time @@ -254,10 +250,10 @@

    Parameters:

    Returns:

    1. - table or nil + table or nil session metadata
    2. - string + string error message
    @@ -276,27 +272,27 @@

    Returns:

    Parameters:

    • path - string + string the path where sessions are stored
    • prefix - string + string the prefix for session files
    • suffix - string + string the suffix for session files
    • name - string + string the cookie name
    • audience - string + string session audience
    • subject - string + string session subject
    • current_time @@ -308,10 +304,10 @@

      Parameters:

      Returns:

      1. - table or nil + table or nil session metadata
      2. - string + string error message
      @@ -326,7 +322,7 @@

      Returns:

      generated by LDoc 1.5.0 -Last updated 2025-07-29 12:02:00 +Last updated 2025-09-25 09:16:46
      diff --git a/docs/modules/resty.session.file.utils.html b/docs/modules/resty.session.file.utils.html index d9838d39..6978e4e2 100644 --- a/docs/modules/resty.session.file.utils.html +++ b/docs/modules/resty.session.file.utils.html @@ -116,11 +116,11 @@

      Functions

      Parameters:

      @@ -131,7 +131,7 @@

      Returns:

      true or nil ok
    • - string + string error message
      • @@ -150,11 +150,11 @@

      Returns:

      Parameters:

      @@ -165,7 +165,7 @@

      Returns:

      true or nil ok
    • - string + string error message
      • @@ -184,7 +184,7 @@

      Returns:

      Parameters:

      @@ -192,10 +192,10 @@

      Parameters:

      Returns:

      1. - string or nil + string or nil content
      2. - string + string error message
      @@ -214,7 +214,7 @@

      Returns:

      Parameters:

      @@ -235,11 +235,11 @@

      Parameters:

      Parameters:

      @@ -247,7 +247,7 @@

      Parameters:

      Returns:

        - string + string metadata key
      @@ -267,19 +267,19 @@

      Returns:

      Parameters:

      @@ -306,19 +306,19 @@

      Returns:

      Parameters:

      • path - string + string the path where sessions are stored
      • prefix - string + string the prefix for session files
      • suffix - string + string the suffix for session files
      • name - string + string cookie name
      • current_time @@ -345,7 +345,7 @@

        Returns:

        generated by LDoc 1.5.0 -Last updated 2025-07-29 12:02:00 +Last updated 2025-09-25 09:16:46
        diff --git a/docs/modules/resty.session.html b/docs/modules/resty.session.html index 288dca86..f7a26a24 100644 --- a/docs/modules/resty.session.html +++ b/docs/modules/resty.session.html @@ -231,7 +231,7 @@

        Session

        Parameters:

        • key - string + string key
        • value @@ -255,7 +255,7 @@

          Parameters:

          Parameters:

          @@ -287,7 +287,7 @@

          Returns:

          true or nil ok
        • - string + string error message
          • @@ -306,7 +306,7 @@

          Returns:

          Parameters:

          @@ -338,7 +338,7 @@

          Usage:

          Returns:

            - table + table value
          @@ -365,7 +365,7 @@

          Usage:

          Parameters:

          • key - string + string key
          • value @@ -395,7 +395,7 @@

            Parameters:

            Parameters:

            @@ -429,7 +429,7 @@

            Usage:

            Parameters:

            @@ -456,7 +456,7 @@

            Usage:

            Returns:

              - string + string audience
            @@ -475,7 +475,7 @@

            Returns:

            Parameters:

            @@ -502,7 +502,7 @@

            Usage:

            Returns:

              - string + string subject
            @@ -539,7 +539,7 @@

            Usage:

            Returns:

              - string or number + string or number metadata
            @@ -615,7 +615,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -642,7 +642,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -669,7 +669,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -698,7 +698,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -724,7 +724,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -749,7 +749,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -793,7 +793,7 @@

            Returns:

            true or nil ok
          • - string + string error message
            • @@ -812,7 +812,7 @@

            Returns:

            Parameters:

            • ... - string + string @@ -826,7 +826,7 @@

              Returns:

              true or nil ok
            • - string + string error message
              • @@ -845,7 +845,7 @@

              Returns:

              Parameters:

              • ... - string + string @@ -859,7 +859,7 @@

                Returns:

                true or nil ok
              • - string + string error message
                • @@ -878,7 +878,7 @@

                Returns:

                Parameters:

                • ... - string + string @@ -892,7 +892,7 @@

                  Returns:

                  true or nil ok
                • - string + string error message
                  • @@ -1017,7 +1017,7 @@

                  Fields:

                  Set of headers to send to downstream, use id, audience, subject, timeout, idling-timeout, rolling-timeout, absolute-timeout. E.g. { "id", "timeout" } will set Session-Id and Session-Timeout response headers when set_headers is called.
                • storage - Storage is responsible of storing session data, use nil or "cookie" (data is stored in cookie), "dshm", "file", "memcached", "mysql", "postgres", "redis", or "shm", or give a name of custom module ("custom-storage"), or a table that implements session storage interface (defaults to nil) + Storage is responsible of storing session data, use nil or "cookie" (data is stored in cookie), "dshm", "file", "memcached", "mysql", "postgres", "redis", or "shm", or give a name of custom module ("custom-storage"), or a table that implements session storage interface (defaults to nil)
                • dshm Configuration for dshm storage, e.g. { prefix = "sessions" } @@ -1069,7 +1069,7 @@

                  Initialization

                  Parameters:

                  • configuration - table + table session configuration overrides (optional)
                    • @@ -1108,7 +1108,7 @@

                    Constructors

                    Parameters:

                    • configuration - table + table session configuration overrides (optional)
                      • @@ -1117,7 +1117,7 @@

                      Parameters:

                      Returns:

                        - table + table session instance
                      @@ -1151,7 +1151,7 @@

                      Helpers

                      Parameters:

                      • configuration - table + table session configuration overrides (optional)
                        • @@ -1160,10 +1160,10 @@

                        Parameters:

                        Returns:

                        1. - table + table session instance
                        2. - string + string error message
                        3. boolean @@ -1197,7 +1197,7 @@

                          Usage:

                          Parameters:

                          • configuration - table + table session configuration overrides (optional)
                            • @@ -1206,10 +1206,10 @@

                            Parameters:

                            Returns:

                            1. - table + table session instance
                            2. - string + string error message
                            3. boolean @@ -1246,7 +1246,7 @@

                              Usage:

                              audiences.

                              When there is only a single audience, then this can be considered - equal to session.destroy.

                              + equal to session.destroy.

                              When the last audience is logged out, the cookie will be destroyed as well and invalidated on a client. @@ -1255,7 +1255,7 @@

                              Usage:

                              Parameters:

                              • configuration - table + table session configuration overrides (optional)
                                • @@ -1267,7 +1267,7 @@

                                Returns:

                                boolean true session exists for an audience and was logged out successfully, otherwise false
                              • - string + string error message
                              • boolean @@ -1302,7 +1302,7 @@

                                Usage:

                                Parameters:

                                • configuration - table + table session configuration overrides (optional)
                                  • @@ -1314,7 +1314,7 @@

                                  Returns:

                                  boolean true session exists and was destroyed successfully, otherwise nil
                                • - string + string error message
                                • boolean @@ -1343,7 +1343,7 @@

                                  Usage:

                                  generated by LDoc 1.5.0 -Last updated 2025-07-29 12:02:00 +Last updated 2025-09-25 09:16:46
                                  diff --git a/docs/modules/resty.session.memcached.html b/docs/modules/resty.session.memcached.html index b1c7f6c4..12b3100e 100644 --- a/docs/modules/resty.session.memcached.html +++ b/docs/modules/resty.session.memcached.html @@ -85,7 +85,7 @@

                                  Constructors

                                  Storage

module.set (path, prefix, suffix, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)module.set (path, prefix, suffix, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -188,7 +188,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -212,7 +212,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -209,7 +209,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -251,7 +251,7 @@

Constructors

Parameters:

instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
- + @@ -96,7 +96,7 @@

Functions

- module.SET (storage, red, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember) + module.SET (storage, red, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata])
Store session data. @@ -105,23 +105,23 @@

Functions

Parameters:

Returns:

@@ -158,7 +154,7 @@

Returns:

true or nil ok
  • - string + string error message
    • @@ -177,19 +173,19 @@

    Returns:

    Parameters:

    @@ -197,10 +193,10 @@

    Parameters:

    Returns:

    1. - string or nil + string or nil session data
    2. - string + string error message
    @@ -219,19 +215,19 @@

    Returns:

    Parameters:

    • storage - table + table the storage
    • red - table + table the redis instance
    • name - string + string cookie name
    • key - string + string session key
    • current_time @@ -239,7 +235,7 @@

      Parameters:

      current time
    • metadata - table + table session meta data (optional)
      • @@ -251,7 +247,7 @@

      Returns:

      boolean or nil session data
    • - string + string error message
      • @@ -270,23 +266,23 @@

      Returns:

      Parameters:

      • storage - table + table the storage
      • red - table + table the redis instance
      • name - string + string cookie name
      • audience - string + string session key
      • subject - string + string session key
      • current_time @@ -298,10 +294,10 @@

        Parameters:

        Returns:

        1. - table or nil + table or nil session metadata
        2. - string + string error message
        @@ -316,7 +312,7 @@

        Returns:

        generated by LDoc 1.5.0 -Last updated 2025-07-29 12:02:00 +Last updated 2025-09-25 09:16:46
        diff --git a/docs/modules/resty.session.redis.html b/docs/modules/resty.session.redis.html index 7cd50e39..b005d8fb 100644 --- a/docs/modules/resty.session.redis.html +++ b/docs/modules/resty.session.redis.html @@ -85,7 +85,7 @@

        Constructors

        Storage

    module.SET (storage, red, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)module.SET (storage, red, name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
    - + @@ -197,7 +197,7 @@

    Constructors

    Parameters:

    instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
    - + @@ -248,7 +248,7 @@

    Constructors

    Parameters:

    instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.
    - + @@ -152,7 +152,7 @@

    Constructors

    Parameters:

    instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata], remember)instance:set (name, key, value, ttl, current_time[, old_key], stale_ttl[, metadata]) Store session data.