feat(openid-connect): add session.cookie configuration

[illidan33]

Description

Added the configuration items related to resty.session. You can set the behavior and expiration time of the session through the configuration items to avoid the problem that the access token does not expire but the session expires when the expiration time of the access token is longer than the session.

Fixes # (issue)
#10797

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[smileby]

Hello, I think we may need additional testing, and documentation to ensure it is available in the plugin

[illidan33]

Hello, I think we may need additional testing, and documentation to ensure it is available in the plugin
Sure
@smileby @shreemaan-abhishek I have added test code and documentation, and successfully executed it on my local machine. However, I have a question. I am using a Docker setup of Keycloak/etcd on my local machine to validate the test code, referencing test code files from other contributors that use the same realm and client. I am unsure if this approach is standard. Does the official provide standard testing support services? For example, does the official provide a designated Keycloak authentication service for testing purposes?

[shreemaan-abhishek]

@illidan33 you can find the keycloak service defined here:

https://github.com/apache/apisix/blob/21d9ceeac9715dcdad37335fe402e325ee74a43d/ci/pod/docker-compose.plugin.yml#L40C1-L59C91

[illidan33]

@illidan33 you can find the keycloak service defined here:

https://github.com/apache/apisix/blob/21d9ceeac9715dcdad37335fe402e325ee74a43d/ci/pod/docker-compose.plugin.yml#L40C1-L59C91

@shreemaan-abhishek hi, I updated the configuration to keep it the same as the official one.

[monkeyDluffy6017]

If you don't set the cookie.lifetime, what will the target_number be?
If we want to use the condition if target_number >= current_time then, the default value of cookie.lifetime should be less than 100

[illidan33]

The default value of cookie.lifetime is 3600.
Yes, you are right. 100 is not the right condition, I will change it to a larger number than the default value.

[shreemaan-abhishek]

missing description for session.cookie

[monkeyDluffy6017]

It's a map to hold the lifetime, does it need some description?

[illidan33]

missing description for session.cookie
As @monkeyDluffy6017 said, it is a map. I fixed its type to object, does it still need some description?

[illidan33]

@shreemaan-abhishek @monkeyDluffy6017 hi, could you help to check the ci's error. It doesn't look like it failed because of the test code I submitted

[kayx23]

The quality of the english doc is subpar and I cannot understand what it's saying. Please hold the review to a higher standard.

My questions:

• This can be configured with Nginx set $session_cookie_lifetime 3600: does this mean this new configuration option just makes it feasible to configure session_cookie_lifetime dynamically at runtime?
• The next sentence is grammatically incorrect and I cannot understand, @shreemaan-abhishek please rephrase it makes sense to you.
• it is used if the cookies are configured persistent with session.cookie.persistent == true: where is this configuration? it is not in this plugin.
• The Chinese doc also says for more information see ssl_session_timeout. Where is this ssl_session_timeout

[monkeyDluffy6017]

@shreemaan-abhishek could you create a pr to change what @kayx23 mentioned?

[illidan33]

The quality of the english doc is subpar and I cannot understand what it's saying. Please hold the review to a higher standard.

My questions:

• This can be configured with Nginx set $session_cookie_lifetime 3600: does this mean this new configuration option just makes it feasible to configure session_cookie_lifetime dynamically at runtime?
• The next sentence is grammatically incorrect and I cannot understand, @shreemaan-abhishek please rephrase it makes sense to you.
• it is used if the cookies are configured persistent with session.cookie.persistent == true: where is this configuration? it is not in this plugin.
• The Chinese doc also says for more information see ssl_session_timeout. Where is this ssl_session_timeout

hi @kayx23 @monkeyDluffy6017 @shreemaan-abhishek , the documentation is sourced from https://github.com/bungle/lua-resty-session/tree/v3.10, where it describes the session.cookie.lifetime. This update only adds the configuration for lifetime, and the description should only focus on the role of lifetime. I have modified the documentation. Do I need to submit another PR?

[monkeyDluffy6017]

@illidan33 yeah, of course, another pr is needed, and i will invite @kayx23 to review

[illidan33]

@illidan33 yeah, of course, another pr is needed, and i will invite @kayx23 to review

hi @monkeyDluffy6017 @kayx23 , the new pr's link is 10994