add express-session memorystore without leaks (#1435)

* add express-session memorystore without leaks

* Bump memorystore to v1.6.0

package.json

@@ -47,6 +47,7 @@
         "json-stringify-safe":"5.0.1",
         "jsonata":"1.3.0",
         "media-typer": "0.3.0",
+        "memorystore": "1.6.0",
         "mqtt": "2.9.0",
         "multer": "1.3.0",
         "mustache": "2.3.0",

red/api/auth/index.js

@@ -150,14 +150,19 @@ module.exports = {
     login: login,
     revoke: revoke,
     genericStrategy: function(adminApp,strategy) {
-        var session = require('express-session');
+        var crypto = require("crypto")
-        var crypto = require("crypto");
+        var session = require('express-session')
+        var MemoryStore = require('memorystore')(session)
+
         adminApp.use(session({
-            // As the session is only used across the life-span of an auth
+          // As the session is only used across the life-span of an auth
-            // hand-shake, we can use a instance specific random string
+          // hand-shake, we can use a instance specific random string
-            secret: crypto.randomBytes(20).toString('hex'),
+          secret: crypto.randomBytes(20).toString('hex'),
-            resave: false,
+          resave: false,
-            saveUninitialized:false
+          saveUninitialized: false,
+          store: new MemoryStore({
+            checkPeriod: 86400000 // prune expired entries every 24h
+          })
         }));
         //TODO: all passport references ought to be in ./auth
         adminApp.use(passport.initialize());