add express-session memorystore without leaks (#1435)

* add express-session memorystore without leaks * Bump memorystore to v1.6.0
2025-03-01 10:36:34 +00:00 · 2018-01-11 23:51:05 +01:00
parent bedb2d943e
commit 2c4d5fa38d
2 changed files with 13 additions and 7 deletions
--- a/red/api/auth/index.js
+++ b/red/api/auth/index.js
@@ -150,14 +150,19 @@ module.exports = {
    login: login,
    revoke: revoke,
    genericStrategy: function(adminApp,strategy) {
-        var session = require('express-session');
-        var crypto = require("crypto");
+        var crypto = require("crypto")
+        var session = require('express-session')
+        var MemoryStore = require('memorystore')(session)
+
        adminApp.use(session({
-            // As the session is only used across the life-span of an auth
-            // hand-shake, we can use a instance specific random string
-            secret: crypto.randomBytes(20).toString('hex'),
-            resave: false,
-            saveUninitialized:false
+          // As the session is only used across the life-span of an auth
+          // hand-shake, we can use a instance specific random string
+          secret: crypto.randomBytes(20).toString('hex'),
+          resave: false,
+          saveUninitialized: false,
+          store: new MemoryStore({
+            checkPeriod: 86400000 // prune expired entries every 24h
+          })
        }));
        //TODO: all passport references ought to be in ./auth
        adminApp.use(passport.initialize());