Using MemoryStore in production

node.js

Today I ran my Node.js application in "production" mode for the first time and got this warning:

Warning: connection.session() MemoryStore is not
designed for a production environment, as it will leak
memory, and obviously only work within a single process.

I only need to run a single process, but what should I use instead? I want my sessions to reside in RAM for fast access. I also want to be able to discard all the sessions by simply shutting down the Node app.

It seems an overkill to install Redis, MongoDB or another database just for this simple task. I also don't understand why is MemoryStore included in Node when it should not really be used?


Ok, after talking to Connect developers, I got more information. There are two things considered memory leaks here:

  1. problem with JSON parsing which is already fixed in recent versions
  2. the fact that there is no cleanup of expired sessions if the users never access them (i.e. the only cleanup is on-access)

The solution seems to be rather simple, at least this is what I plan to do: use setInterval to periodically clean up the expired sessions. MemoryStore provides all() to get the list, and we can use get() to force reading and thus expire them. Pseudo-code:

function sessionCleanup() {
    sessionStore.all(function(err, sessions) {
        for (var i = 0; i < sessions.length; i++) {
            sessionStore.get(sessions[i], function() {} );
        }
    });
}

Now just call sessionCleanup periodically via setInterval() and you have automatic garbage collection for expired sessions. No more memory leaks.


So the accepted answer to this is [edit: was] pretty much a hack, and the others are just recommending using a database which I think is overkill.

I had the same problem and just replaced express-session with cookie-session.

To do this simply install cookie-session:

npm install cookie-session

Then in your app.js, find where express-session is being used and replace with cookie-session.

app.use(require('cookie-session')({
    // Cookie config, take a look at the docs...
}));

You may need to change some other things, for me is was a simple swap-out-bobs-your-uncle-no-harm-done.


MemoryStore is just for (rapid) development mode, because if your app restarts (process dies) you will lose all the session data (that resided in the memory of that process).

If you don't want to use a database, use encrypted cookie storage instead.

http://www.senchalabs.org/connect/cookieSession.html


This module was designed to deal with the memory leak issue. https://www.npmjs.com/package/session-memory-store

The accepted answer may be fine. However, since this question shows up high in the list of search results I figured I would include this in case it helps anyone else.

Related

What does set -e and exec "$@" do for docker entrypoint scripts?
In ASP.NET, when should I use Session.Clear() rather than Session.Abandon()?
Why does a return in `finally` override `try`?
Why are certain function calls termed "illegal invocations" in JavaScript?
Exclude folder from search but not from the project list
How to track child process using strace?
Using OpenGl with C#? [closed]
Transform Java Future into a CompletableFuture
Why does this string extension method not throw an exception?
Gradle - no main manifest attribute
How do I apply CSS3 transition to all properties except background-position?
Namespace and class with the same name?