lusca requires req.session
matharuajay opened this issue · 0 comments
matharuajay commented
Hi,
I am trying to setup a backend code which uses Lusca for security. The code is hosted on EC2 instance and it needs to read some values from AWS Secret Manager. To read the value from secret manager i've to use STS AssumeRole first and read the value, which works fine. But that breaks Lusca somehow.
If I use Lusca with AWS STS AssumeRole i get this error,
Error: lusca requires req.session to be available in order to maintain state
And if I remove the code to AssumeRole lusca works fine.
I noticed when i use AWS STS the req obj header does not contain session attribute.
Can anyone help me with this?