I have switched my Express.js session storage on both my local machine (local storage) and Elastic Beanstalk instance (ElastiCache) to Redis. I don't have the most experience with the platform, but I understand the general commands and, most importantly, how to clear keys. The reason I have gotten more familiar with key clearance is that I have run into common issues where cached Redis sessions prevent me from logging into my application on redeployments to Elastic Beanstalk or DB modifications to my local environment.
The local environment scenario that I commonly run into is when I truncate my local DB while a user is signed in and has a session (authentication via Passport.js), which forces me to re-login, but throws an error due to the cached Redis session that is still present.
The Elastic Beanstalk (eb) scenario that I run into is when I deploy local changes to my eb instance: I am forced to re-login to my applications, but cached Redis sessions are present.
My question is, what is the best approach to prevent these caching issues from happening both locally and in eb? Is there some modification to my session code that will stop this? Should I make an adjustment to my eb deployment config file to clear on every deploy? What are the Redis best practices?
Here is my redis session storage code:
    var express = require('express');
    var app = express();
    var session = require('express-session');
    var RedisStore = require('connect-redis')(session);

    app.use(session({
        store: new RedisStore({
            host: process.env.REDIS_ENDPOINT || 'localhost',
            port: 6379
        }),
        secret: '**super-secret**',
        resave: true,
        saveUninitialized: true,
        cookie: {
            httpOnly: true,
            secure: false //turn to true on production once https is in place
        }
    }));
I only destroy the session on /logout from my application:
    appRoutes.get('/logout', function(req, res){
        req.session.destroy();
        req.logout();
        console.log('User logged out');
        res.redirect('/');
    });
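An added example, not part of the original post: one way to make a stale session degrade to "logged out" instead of raising an error, assuming the error in the truncate scenario comes from the Passport `deserializeUser` callback failing to find the user id stored in the Redis session (the post does not show that code). `findUserById`, `strictDeserialize`, `tolerantDeserialize`, `resolveSessionUser` and the sample data are hypothetical names and constructed values; `resolveSessionUser` is a simplified model of Passport's session handling, not Passport itself.

```javascript
// Constructed stand-in for the users table after a truncate: id 1 is gone.
const users = new Map([[2, { id: 2, name: 'bob' }]]);

// Hypothetical lookup with a Node-style callback (synchronous here so the
// example runs offline); replace with the real database query.
function findUserById(id, cb) {
  cb(null, users.get(id) || null);
}

// "Before": a missing row becomes an error, so every request that carries
// the stale session cookie fails until the Redis key is cleared by hand.
function strictDeserialize(id, done) {
  findUserById(id, (err, user) => {
    if (err) return done(err);
    if (!user) return done(new Error('user ' + id + ' not found'));
    done(null, user);
  });
}

// "After": a missing row is reported as "no user" (false). Passport treats
// that as an invalid login session, not as a failure.
function tolerantDeserialize(id, done) {
  findUserById(id, (err, user) => {
    if (err) return done(err);   // real lookup errors still propagate
    done(null, user || false);   // stale id: invalidate, do not throw
  });
}

// Simplified model of what the session layer does with the result.
function resolveSessionUser(session, deserialize) {
  const result = { error: null, user: null };
  const id = session.passport && session.passport.user;
  if (id === undefined) return result;            // anonymous request
  deserialize(id, (err, user) => {
    if (err) { result.error = err; return; }      // request ends in an error
    if (!user) { delete session.passport.user; return; } // stale id dropped
    result.user = user;
  });
  return result;
}
```

In an application the tolerant version would be registered with `passport.deserializeUser(tolerantDeserialize)`, after which the next request with a stale cookie is simply treated as unauthenticated.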