Session

Release date 2025/10/01

Feature

• Added support for session binding (IP, scheme, and/or User-Agent header).

Release date 2025/05/20

Bugfix

• Fixed an issue where boolean configuration fields hash_subject (default false) and store_metadata (default false) stored the session’s metadata in the database. This also resolves an issue with Dev Portal, where adding these fields to portal_session_conf wasn’t working as expected.

Release date 2025/03/27

Feature

• Added two boolean configuration fields hash_subject (default false) and store_metadata (default false) to store the session’s metadata in the database.

Release date 2025/03/11

Feature

• Added two boolean configuration fields hash_subject (default false) and store_metadata (default false) to store session’s metadata in the database.

Release date 2025/04/10

Feature

• Added two boolean configuration fields hash_subject (default false) and store_metadata (default false) to store session’s metadata in the database.

Release date 2025/04/10

Feature

• Added two boolean configuration fields hash_subject (default false) and store_metadata (default false) to store session’s metadata in the database.

Release date 2023/11/08

Breaking Change

• a new configuration field read_body_for_logout was added with a default value of false, that changes behavior of logout_post_arg in a way that it is not anymore considered if the read_body_for_logout is not explicitly set to true. This is to avoid session plugin from reading request bodies by default on e.g. POST request for logout detection.

Release date 2025/04/29

Bugfix

• Fixed an issue where boolean configuration fields hash_subject (default false) and store_metadata (default false) stored the session’s metadata in the database. This also resolves an issue with Dev Portal, where adding these fields to portal_session_conf wasn’t working as expected.

Release date 2025/03/26

Feature

• Added two boolean configuration fields hash_subject (default false) and store_metadata (default false) to store session’s metadata in the database.

Release date 2023/02/28

Feature

• These plugins now use lua-resty-session v4.0.0.

  This update includes new session functionalities such as configuring audiences to manage multiple sessions in a single cookie, global timeout, and persistent cookies.

  Due to this update, there are also a number of deprecated and removed parameters in these plugins. See the invidividual plugin documentation for the full list of changed parameters in each plugin.

  • Session changelog
  • OpenID Connect changelog
  • SAML changelog

• Session changelog

• OpenID Connect changelog

• SAML changelog

Release date 2022/12/06

Feature

• The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

• Added new config cookie_persistent, which allows the browser to persist cookies even if the browser is closed. This defaults to false which means cookies are not persisted across browser restarts. Thanks @tschaumefor this contribution! #8187

Bugfix

• Added the missing protocols field to the following plugin schemas: Session (session)

Release date 2023/03/28

Bugfix

• Added the missing protocols field to the following plugin schemas: Session (session)