Change default session store to cookie store when in production mode #1648
Conversation
We want to be able to change environment variables in the command line tool before starting the kit implementation, but that means we need to make sure that no imports/requires are done until the last moment.
Change the default configuration of the kit so that when the kit is run in production (`NODE_ENV=production`) the cookie session store is used instead of the memory session store. The impact of this is that session data will default to be preserved between server restarts, and the user will not see a warning from `express-session` in their server logs every server restart. This commit keeps memory store as the default when running the kit locally, and the configuration can still be overridden.
lfdebrux
force-pushed
the
ldeb-use-session-store-when-hosted
branch
from
b63849e
to
19146e3
Compare
|
I think there's a potential issue with this - cookies have a max size of about 4k, and will silently fail if you try to store more |
Hmm, okay, do we have user reports of this issue affecting them? |
|
no, but I'm not aware of anyone using this option - I dont think its even documented, and its the reason we didnt make it default |
|
discussed with @lfdebrux :
@lfdebrux to investigate multi cookie store which may give us the persistence without the 4k limit |
|
Our prototype stores a lot in session memory. I'm not entirely sure how to tell how much we're using, but I saved it off as json in a file. The raw file is 23 megabytes. Compressed is 2.4mb. Even for a small service, 4k is a very low limit - you could easily breach it. Aside - does this get sent to and from the client with each request? would that slow things down? |
Thanks for the info, that is useful. Just to check, is that from multiple sessions with multiple users? Also, just out of interest, what is the composition of the session data? How many of the questions are checkboxes/radios, and how many are free-form text fields?
I think it depends on the kind of service and the kind of questions asked, but agree it is a little stingy. With splitting cookies we could get at most 80 KiB, which is a bit more generous, but perhaps still not enough?
Yes, that is a consideration. |
|
@lfdebrux this is data pre-loaded with session defaults. My service is a casework service, so we have seed records for a few thousand trainees. Within each trainee is a bunch of simulated data. We've also got a few sizeable datasets for use in autocompletes and in routes. One of them is probably what makes us 20mb rather than 2mb. I actually moved it out of session data for this reason, but think I may have a bug and have re-loaded it somewhere. |
|
to note, we changed to using files to store session #1658 |
Change the default configuration of the kit so that when the kit is run in production (
NODE_ENV=production) the cookie session store is used instead of the memory session store. The impact of this is that session data will default to be preserved between server restarts, and the user will not see a warning fromexpress-sessionin their server logs every server restart.This PR still defaults to using the memory session store when running the kit locally, and the configuration can still be overridden.