RegMTS commented on issue #12495: URL: https://github.com/apache/apisix/issues/12495#issuecomment-3228330090
Hi @bzp2010 and @moonming, thank you so much for the detailed and in-depth explanation. It perfectly clarifies the trade-offs of each approach. I really appreciate the time you dedicated to this analysis.

I now have a much better understanding of the reasoning behind the Redis suggestion, especially for scalability and to overcome the limitations of cookie-based sessions (size, no revocation) and `shdict` (cluster propagation).

Our primary architectural goal remains to centralize the security logic in the gateway, completely abstracting it from the Single-Page Application, as if it were an application we cannot modify. For this reason, the `bearer_only: true` mode (which shifts the OIDC logic to the frontend) is not our first choice, although I understand its benefits in other contexts.

In light of this, and considering that our deployment does not require an APISIX cluster for the time being, the **`shdict`**-based solution seems like the ideal compromise for our use case. It keeps the session server-side, solving the issues related to cookie size, and it is a native feature.

I've looked through the documentation, but I couldn't find a specific example that illustrates how to configure two routes to share a session via `shdict`. To proceed with testing, I would need your help. Would you be able to provide a configuration example for the two routes (`/*` and `/api/*`) that shows how to correctly enable and set up session management via `shdict` in the `openid-connect` plugin, in order to solve the context-sharing problem?

Thanks again for your time and for your support.
