nic-6443 commented on issue #13490:
URL: https://github.com/apache/apisix/issues/13490#issuecomment-4667830298
This is the same root cause as #13177 and is fixed by #13178 (merged): the
plugin no longer passes `session.cookie.lifetime` straight through to
lua-resty-session 4.x (which ignores it). `build_session_opts()` now maps the
deprecated `session.cookie.lifetime` to 4.x's `absolute_timeout`, and the flat
4.x options — `idling_timeout`, `rolling_timeout`, `absolute_timeout` — are
exposed directly in the schema. The Redis-storage path goes through the same
mapping, so the timeout is applied there too.
One clarification on the Redis TTL specifically: in lua-resty-session 4.x
the per-entry store TTL tracks `rolling_timeout` (default 3600s) — the session
is renewed on each roll and bounded by `absolute_timeout` — so you may still
see a ~3600s TTL on an individual Redis key even though the overall session now
lives as long as you configure. To control it directly, set the flat keys, e.g.:
```json
"session": {
"secret": "your-secret-key-minimum-16-characters",
"rolling_timeout": 7200,
"absolute_timeout": 7200,
"storage": "redis",
"redis": { "host": "127.0.0.1", "port": 6379 }
}
```
`session.cookie.lifetime: 7200` also keeps working (mapped to
`absolute_timeout`). Either way the lifetime is honored now instead of being
silently ignored.
Closing as fixed by #13178.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
