Share variable between main request and all subrequests, including SSI

boby · 2016-09-07T20:53:49+00:00

Hi everyone!I have just released v0.0.4 of lua-resty-repl, an interactive console (REPL) for Openresty and luajit code:https://github.com/saks/lua-resty-repl...

Share variable between main request and all subrequests, including SSI

boby

Hello,

I'm struggling to create a unique token/id in the main request and have it accessible in all the sub requests including SSI.

The actual feature is to generate a CSRF token and insert it via SSI echo (most probably) into pages that might be generated via backend or served from cache via ngx_srcache.

Here is a stripped down version, tried to use the existing userid module, but uid_set and uid_got are different between subrequests. Only if I refresh the main page again, I get the constant value. A second approach is to generate a unique token via Lua, but it's the same problem.

I'm getting something like:

uid=6538A8C0D20BD0574740B48A02030303 for the first request

uid=6538A8C0D20BD0574740B48A02040303 for the rest

https://gist.github.com/frozenminds/cdc87c5b1e3f3d46ae2b72a5678498e7

server {
    listen 80;

    server_name test.dev;
    root /var/www/html;

    userid on;

    default_type    text/html;
    index           index.html;
    charset         utf-8;

    set $unique $uid_got$uid_set;

    location / {
        ssi on;

        access_by_lua_block {
            ngx.log(ngx.ERR, "[ROUTE /] UNIQUE: " .. (ngx.var.unique or "unavailable"))
            ngx.log(ngx.ERR, "[ROUTE /] UID_GOT: " .. (ngx.var.uid_got or "unavailable"))
            ngx.log(ngx.ERR, "[ROUTE /] UID_SET: " .. (ngx.var.uid_set or "unavailable"))
        }

        try_files $uri $uri/ @handler;
    }

    location @handler {
        ssi on;

        access_by_lua_block {
            ngx.log(ngx.ERR, "[ROUTE @handler] UNIQUE: " .. (ngx.var.unique or "unavailable"))
            ngx.log(ngx.ERR, "[ROUTE @handler] UID_GOT: " .. (ngx.var.uid_got or "unavailable"))
            ngx.log(ngx.ERR, "[ROUTE @handler] UID_SET: " .. (ngx.var.uid_set or "unavailable"))
        }

        # might be srcache_fetch/fastcgi_pass/etc.
        content_by_lua_block {
            local html = [[
                <!DOCTYPE html>
                <html lang="en">
                <head>
                    <meta charset="UTF-8">
                    <title>Main Request</title>
                </head>
                <body>
                    <h1>Main Request</h1>

                    <p>UID_GOT: <!--#echo var="uid_got" default="ssi uid_got unavailable" --></p>
                    <p>UID_SET: <!--#echo var="uid_set" default="ssi uid_set unavailable" --></p>
                    <p>UNIQUE: <!--#echo var="unique" default="ssi unique unavailable" --></p>
                </body>
                </html>
            ]]

            ngx.print(html)
        }
    }
}

This happens only to the first request, when the user has no cookie.

Thank you in advance!