You are browsing unreleased documentation.
Changelog
Kong Gateway 3.5.x
-
Introduced the new configuration field
read_body_for_logout
with a default value offalse
. This change alters the behavior oflogout_post_arg
in such a way that it is no longer considered, unlessread_body_for_logout
is explicitly set totrue
.This adjustment prevents the Session plugin from automatically reading request bodies for logout detection, particularly on POST requests.
Kong Gateway 3.2.x
-
The plugin has been updated to use version 4.0.0 of the
lua-resty-session
library. This introduced several new features, such as the possibility to specify anaudience
for the session. The following configuration parameters were affected:Added:
audience
remember
remember_cookie_name
remember_rolling_timeout
remember_absolute_timeout
absolute_timeout
request_headers
response_headers
Renamed:
-
cookie_lifetime
torolling_timeout
-
cookie_idletime
toidling_timeout
-
cookie_samesite
tocookie_same_site
-
cookie_httponly
tocookie_http_only
-
cookie_discard
tostale_ttl
Removed:
cookie_renew
Kong Gateway 3.1.x
- Added the new configuration parameter
cookie_persistent
, which allows the browser to persist cookies even if the browser is closed. This defaults tofalse
, which means cookies are not persisted across browser restarts.
Kong Gateway 2.7.x
- Starting with Kong Gateway 2.7.0.0, if keyring encryption is enabled,
the
config.secret
parameter value will be encrypted.
Previous
Basic config examples for Session