Does anyone care about it?
daemon.warn
nginx
2018/02/10 19:54:19 [warn] 4666#0: *350 [lua] session.lua:103: changeUser(): changing user to admin, client: 192.168.0.2, server: localhost, request: "POST /authenticate HTTP/1.1", host: "192.168.0.1", referrer: "hxxp://192.168.0.1/"
103:
-- set a new user for the session
-- @param user the user to switch to
-- As the security in the web framework is tied to the
-- user role, the session identity is changed when the
-- role changes so that the client will se a new identity
-- after login or logout
daemon.warn
nginx
2018/02/10 19:54:15 [warn] 4666#0: *349 [lua] session.lua:343: new(): new session for default user, client: 192.168.0.2, server: localhost,
request: "GET / HTTP/1.1", host: "192.168.0.1"
343:
-- Create a new session.
-- @param sessionAddress The IP addresses linked to the new session.
-- This is a table with the field 'server' and 'remote'.
-- This should not change during a session.
-- @param mgr The session manager that creates the new session.
-- @return A new session is returned that is initiated with the default
-- user and role.
daemon.err
nginx
2018/02/10 19:53:55 [error] 4666#0: *348 [lua] sessionmgr.lua:231: redirectIfNotAuthorized(): Unauthorized request, client: 192.168.0.2,
server: localhost, request: "GET / HTTP/1.1", host: "192.168.0.1",referrer: "hxxp://192.168.0.1/"
231:
-- Not authorized; show the login page.
-- Make sure this internal redirect uses the new session ID
-- (if one was created) to avoid allocating a new session.
-- Don't touch other cookies.