Using memorystore to store openid-client session details (!37) · Merge requests · repos / data-engineering / mpic

Santiago Faci requested to merge session-cookie-issue into main Jun 07, 2024

Using memorystore library to store openid-client session details

Apparently we cannot use express-session with the default configuration because MemoryState is not designed for a production environment. That's why, when running MPIC on staging, openid session details are not created properly. There is a warning when running MPIC at staging:

Warning: connect.session() MemoryStore is not
designed for a production environment, as it will leak
memory, and will not scale past a single process.

And this error when trying to log in:

Error: did not find expected authorization request details in session, req.session["oidc:idp.wikimedia.org"] is undefined

This MR aims to fix that using memorystore library whose purpose is being able to use memorystore in production environments and prune expired entries based on the specified interval (24 hours in our case)

Bug: T366918

Edited Jun 07, 2024 by Santiago Faci

Admin message

Admin message

Using memorystore to store openid-client session details

Merge request reports