Set_encrypt_session after access phase?

On Thu, Jun 18, 2015 at 11:29 AM, Vader M. [email protected]

I’m having trouble setting a cookie conditionally based upon
an upstream variable The hope is to cache an auth token in an
encrypted session and only go to the backend auth token generator once.

I managed to figure out how to use map to set the cookie:

map $new_auth_tok $cond_cookie_k {
    ''         '';
    default    "my_login=";

map $new_auth_tok $cond_cookie_v {
    ''         '';
    default    $b32_session;

add_header Set-Cookie $cond_cookie_k$cond_cookie_v;

However, my problem is that set_encrypt_session actually runs in the
rewrite phase before my authentication back end like this:

location / {
    root   /var/www;
    index  index.html index.htm;

    set_encrypt_session $enc_auth_tok $new_auth_tok;
    set_encode_base32 $b32 $enc_auth_tok;

    auth_request /auth;
    auth_request_set $new_auth_tok $upstream_http_auth_tok;

    add_header Set-Cookie $cond_cookie_k$cond_cookie_v;

Is there any way to encrypt after the access phase?