Release 2.17.

Author: bungle

Changes.md

@@ -2,13 +2,17 @@
 
 All notable changes to `lua-resty-session` will be documented in this file.
 
+## [2.17] - 2017-06-12
+### Added
+- Added session.hide() function to hide session cookies from upstream
+  on reverse proxy scenarios.
+
 ## [2.16] - 2017-05-31
 ### Changed
 - Delays setting the defaults until needed, allowing users to safely
   require "resty.session" in different contexts.
 
 ## [2.15] - 2017-02-13
-
 ## Added
 - Added a support for chunked cookies.
   See also: https://github.com/bungle/lua-resty-session/issues/35

README.md

@@ -656,6 +656,16 @@ local session = require "resty.session".start()
 session:destroy()
 ```
 
+#### session:hide()
+
+Sometimes, when you are using `lua-resty-session` in reverse proxy, you may want to hide the session
+cookies from the upstream server. To do that you can call `session:hide()`.
+
+```lua
+local session = require "resty.session".start()
+session:hide()
+```
+
 ### Fields
 
 #### string session.id

lib/resty/session.lua

@@ -5,9 +5,12 @@ local concat       = table.concat
 local hmac         = ngx.hmac_sha1
 local time         = ngx.time
 local http_time    = ngx.http_time
+local set_header   = ngx.req.set_header
+local clear_header = ngx.req.clear_header
 local ceil         = math.ceil
 local max          = math.max
 local find         = string.find
+local gsub         = string.gsub
 local sub          = string.sub
 local type         = type
 local pcall        = pcall
@@ -200,7 +203,7 @@ local function init()
 end
 
 local session = {
-    _VERSION = "2.16"
+    _VERSION = "2.17"
 }
 
 session.__index = session
@@ -369,4 +372,51 @@ function session:destroy()
     return setcookie(self, "", true)
 end
 
+function session:hide()
+    local cookies = var.http_cookie
+    if not cookies then
+        return
+    end
+    local r = {}
+    local n = self.name
+    local i = 1
+    local j = 0
+    local s = find(cookies, ";", 1, true)
+    while s do
+        local c = sub(cookies, i, s - 1)
+        local b = find(c, "=", 1, true)
+        if b then
+            local key = gsub(sub(c, 1, b - 1), "^%s+", "")
+            if key ~= n and key ~= "" then
+                local z = #n
+                if sub(key, z + 1, z + 1) ~= "_" or not tonumber(sub(key, z + 2)) then
+                    j = j + 1
+                    r[j] = c
+                end
+            end
+        end
+        i = s + 1
+        s = find(cookies, ";", i, true)
+    end
+    local c = sub(cookies, i)
+    if c and c ~= "" then
+        local b = find(c, "=", 1, true)
+        if b then
+            local key = gsub(sub(c, 1, b - 1), "^%s+", "")
+            if key ~= n and key ~= "" then
+                local z = #n
+                if sub(key, z + 1, z + 1) ~= "_" or not tonumber(sub(key, z + 2)) then
+                    j = j + 1
+                    r[j] = c
+                end
+            end
+        end
+    end
+    if j == 0 then
+        clear_header("Cookie")
+    else
+        set_header("Cookie", concat(r, "; ", 1, j))
+    end
+end
+
 return session