use session.start instead of session.open; see #174

have the session cookie renewed according to `session.cookie.renew` and `session.cookie.lifetime` settings Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
zmartzone · Sep 25, 2018 · b020090 · b020090
1 parent 26e91a4
commit b020090
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
@@ -320,7 +320,6 @@ local function openidc_authorize(opts, session, target_url, prompt)
   end
 
   -- store state in the session
-  session:start()
   session.data.original_url = target_url
   session.data.state = state
   session.data.nonce = nonce
@@ -1024,7 +1023,6 @@ local function openidc_authorization_response(opts, session)
     return nil, err, session.data.original_url, session
   end
 
-  session:start()
   -- mark this sessions as authenticated
   session.data.authenticated = true
   -- clear state and nonce to protect against potential misuse
@@ -1173,7 +1171,6 @@ local function openidc_access_token(opts, session, try_to_renew)
   end
   log(DEBUG, "access_token refreshed: ", json.access_token, " updated refresh_token: ", json.refresh_token)
 
-  session:start()
   session.data.access_token = json.access_token
   session.data.access_token_expiration = current_time + openidc_access_token_expires_in(opts, json.expires_in)
   if json.refresh_token then
@@ -1202,7 +1199,7 @@ function openidc.authenticate(opts, target_url, unauth_action, session_opts)
 
   local err
 
-  local session = r_session.open(session_opts)
+  local session = r_session.start(session_opts)
 
   target_url = target_url or ngx.var.request_uri
 
@@ -1318,7 +1315,7 @@ end
 -- get a valid access_token (eventually refreshing the token), or nil if there's no valid access_token
 function openidc.access_token(opts, session_opts)
 
-  local session = r_session.open(session_opts)
+  local session = r_session.start(session_opts)
 
   return openidc_access_token(opts, session, true)
 end