43

Good day guys, here is my code:

var express = require('express');
var session = require('express-session');

var app = express();
app.set('trust proxy', 1);

app.use(session({
    secret: 'secret',
    saveUninitialized: true,
    resave: false,
    maxAge: 1000 * 60 * 15,
    cookie: {
        secure: true
    }
}));

This code always returns the following in my log:

Warning: connect.session() MemoryStore is not designed for a production environment, as it will leak memory, and will not scale past a single process.

I tried googling about it but I don't seem to understand some tutorials. Sorry for my bad English.

Ginxxx

3 Answers

24

Using cookie-session instead of express-session solved this issue for me.

You store the session on the client and not on the server with cookies.

Simply:

  1. Install it with npm install cookie-session
  2. Change

    var session = require('express-session');

    to

    var session = require('cookie-session');

Geo Angelopoulos
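What "storing the session on the client" means for the data, as an added example that is not part of the original answer and is not cookie-session's own code: a simplified model of a signed session cookie (base64 JSON plus an HMAC) built with Node's crypto module. The function names, cookie name and sample session are constructed for illustration. A signed cookie is readable by the client, so it should hold nothing confidential, and its integrity depends entirely on the signing key.

```javascript
// Added example: simplified model of a signed, client-side session cookie.
// Names (encodeSession, sign, verify, readSession) and sample data are constructed.
const crypto = require('crypto');

// Random signing key; a guessable literal such as 'secret' would let anyone sign cookies.
const KEY = crypto.randomBytes(32);

// Serialize the session the way a client-side store would: base64(JSON).
function encodeSession(data) {
  return Buffer.from(JSON.stringify(data)).toString('base64');
}

function decodeSession(value) {
  return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
}

// HMAC over "name=value" so a value cannot be replayed under another cookie name.
function sign(name, value, key) {
  return crypto.createHmac('sha256', key).update(`${name}=${value}`).digest('hex');
}

// Constant-time comparison of the presented signature with the expected one.
function verify(name, value, sig, key) {
  const expected = Buffer.from(sign(name, value, key));
  const given = Buffer.from(String(sig));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Server side: accept the session only if the signature checks out.
function readSession(name, value, sig, key) {
  return verify(name, value, sig, key) ? decodeSession(value) : null;
}

function demo() {
  const value = encodeSession({ userId: 42, role: 'user' });
  const sig = sign('session', value, KEY);
  // The browser holds the data in readable form: decoding needs no key.
  const seenByClient = decodeSession(value);
  // A value edited without the key no longer matches the signature.
  const edited = encodeSession({ userId: 42, role: 'admin' });
  return {
    seenByClient,
    accepted: readSession('session', value, sig, KEY),
    tampered: readSession('session', edited, sig, KEY),
  };
}

console.log(demo());
```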
10

I hope this helps someone who's struggling with the same problem as me. Just dug it up by myself.

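//-memory unleaked---------
var express = require('express');
var session = require('express-session');
// Assumes the older connect-redis API that takes the session module;
// newer releases are set up differently.
var RedisStore = require('connect-redis')(session);

var app = express();
app.set('trust proxy', 1);

app.use(session({
    cookie: {
        secure: true,
        maxAge: 60000
    },
    store: new RedisStore(), // sessions are kept in Redis instead of MemoryStore
    secret: 'secret',
    saveUninitialized: true,
    resave: false
}));

app.use(function (req, res, next) {
    if (!req.session) {
        return next(new Error('Oh no')); // handle error
    }
    next(); // otherwise continue
});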
Ginxxx
  • 26
    Would be more helpful if you did a little bit of explaining!! ... Since you use RedisStore(), what about MongoDB?? – Ankur Shah Oct 02 '17 at 14:37
  • 2
    The thing is that it is not really safe to store the session data in memory. It is not encrypted or protected in any way. Also, every time the server is restarted, all the session data will be gone and the users will have to log in again. Furthermore, you can't scale your app in the future, because the session data is stored locally in memory and can't be accessed by another instance of the app running either remotely or on the same host as a separate process. Using external session storage helps in solving these problems. Redis is a database that can do exactly that. MongoDB will also work. – Algo7 Sep 28 '20 at 23:41
4

It's all about storing sessions; you should add a storage system that stores sessions in your database. This helps your app manage sessions.

For example, with MongoDB you can use connect-mongo; you should find a store package for other databases too.

https://www.npmjs.com/package/connect-mongo

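const express = require('express');
const session = require('express-session');
const MongoStore = require('connect-mongo')(session);

const app = express();

// Placeholder connection settings (assumed local MongoDB; option name as in connect-mongo v3)
const options = { url: 'mongodb://localhost/test-app' };

app.use(session({
    secret: 'foo',
    store: new MongoStore(options)
}));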
smonff