Skip to content

Using memorystore to store openid-client session details

Santiago Faci requested to merge session-cookie-issue into main

Using memorystore library to store openid-client session details

Apparently we cannot use express-session with the default configuration because MemoryState is not designed for a production environment. That's why, when running MPIC on staging, openid session details are not created properly. There is a warning when running MPIC at staging:

Warning: connect.session() MemoryStore is not
designed for a production environment, as it will leak
memory, and will not scale past a single process.

And this error when trying to log in:

Error: did not find expected authorization request details in session, req.session["oidc:idp.wikimedia.org"] is undefined

This MR aims to fix that using memorystore library whose purpose is being able to use memorystore in production environments and prune expired entries based on the specified interval (24 hours in our case)

Bug: T366918

Edited by Santiago Faci

Merge request reports