Description
Apparently we cannot use express-session with its default configuration, because the default MemoryStore that the library uses is not designed for a production-like environment. That's why, when running MPIC on staging, the openid session details are not created properly. There is a warning when running MPIC on staging:
Warning: connect.session() MemoryStore is not designed for a production environment, as it will leak memory, and will not scale past a single process.
And this error when trying to log in:
Error: did not find expected authorization request details in session, req.session["oidc:idp.wikimedia.org"] is undefined
We use a session cookie to keep the user logged in, but `openid` needs to store some details in the user session during the login process (we get some data from there: user id and user groups). At this time, that's not working in staging/production environments.
That said, we need a fix so that we can use the memorystore library, whose purpose is to make an in-memory session store usable in production environments by pruning expired entries at a specified interval (24 hours in our case).
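A sketch of the session setup described above, added here as an example and not taken from the MPIC code base. The function name `buildSessionOptions`, the cookie settings and the `SESSION_SECRET` variable are assumptions; only `checkPeriod` and the 24-hour interval come from this task.

```javascript
// 24 hours in milliseconds: the pruning interval named in this task.
const DAY_MS = 24 * 60 * 60 * 1000;

/**
 * Build express-session options backed by memorystore (hypothetical helper).
 * `session` is require('express-session') and `createMemoryStore` is
 * require('memorystore'); both are passed in so the function can be
 * exercised without the packages installed.
 */
function buildSessionOptions(session, createMemoryStore, secret) {
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('a session secret is required');
  }
  // memorystore exports a factory that takes express-session and
  // returns the store constructor.
  const MemoryStore = createMemoryStore(session);
  return {
    secret,
    resave: false,
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      // Assumption: the site is served over HTTPS. Behind a TLS-terminating
      // proxy, Express also needs app.set('trust proxy', 1) for this to work.
      secure: true,
      // 'lax' still sends the cookie on the top-level redirect back from the
      // identity provider; 'strict' would not.
      sameSite: 'lax',
      maxAge: DAY_MS,
    },
    // Expired sessions are pruned every checkPeriod milliseconds.
    store: new MemoryStore({ checkPeriod: DAY_MS }),
  };
}

// Wiring in the app (needs the express-session and memorystore packages):
//   const session = require('express-session');
//   app.use(session(buildSessionOptions(
//     session, require('memorystore'), process.env.SESSION_SECRET)));
```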
Acceptance criteria
- MPIC is using the memorystore library and sessions are configured to use it with a checkPeriod to avoid memory leaks
Notes
- express-session documentation: https://expressjs.com/en/resources/middleware/session