Express session stored in redis for anonymous

Question

I'm using express 4.0 with module express-session, connect-redis and passport for manage sessions. Everything is ok for login and logout, I can retrieve session etc.

But I've noticed something weird: even when I'm anonymous, if I'm going to redis and type:

$ KEYS *

Redis return an entry 1) "sess:VWdwTjPXkITmqQ77xI8cotlltdrz7S8s" even if nobody is currently connected. When I'm connect, this key is replaced by another corresponding to my session. And when I'm logout, the key changes again by another. When the anonymous user call an URL, my req.sessionID is also set.

In this site https://engineering.linkedin.com/nodejs/blazing-fast-nodejs-10-performance-tips-linkedin-mobile I've read something about create session even for anonymous (7. Go session-free) and I think it's related.

I add the middlewhere in the main app.js file with something like:

var
  passport = require('passport'),
  User = require('../models/user'),
  LocalStrategy = require('passport-local').Strategy,
  session = require('express-session'),
  RedisStore = require('connect-redis')(session);

app.use(session({
  store: new RedisStore(app.locals.services.session.config),
  secret: 'mysecretstring'
}));

app.use(passport.initialize());
app.use(passport.session());

passport.use(User.createStrategy());
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());

I have the problem even if I start from a fresh server and if I try to GET the homepage where I'm doing nothing:

index: function (req, res) {
  res.render('home/index');
}

Even in this case, a new key is created in my redis.

Note: If I remove both lines, no key are created.

app.use(passport.initialize());
app.use(passport.session());

So, my question is: How to avoid a key creation in Redis for anonymous users ? (and, is it a good idea to not store a session for anonymous ?).

Thanks !

Express session stored in redis for anonymous

Answers (1)

Related Questions