Nodejs session management comparing to java server session management

Question

Consider a java web application like tomcat, which handles sessions. The sessions are stored in memory (and could be serialized to hard disk during server restart).

For a nodejs application, which does not handle session by it self, you can develop session by using some lib called expressjs/session hosted at https://github.com/expressjs/session. While reviewing the expressjs/session documents you see this warning:

Warning: The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.

To me storing the sessions in memory is what is currently done in java web applications, without any problem.

Now my question is:

1. Is storing session in memory a bad practice at all?!
2. If losing session during server restart and performance is not my concern (because of my application scale), is storing session in memory still a bad practice in nodejs?! (Please see What is the use of a session store?)

Answer 1

I think having sessions in memory is bad practice and should be only done when you are doing it in development. This is because at some point to scale you will need to cluster your node process, which for obvious reasons won't be able to access sessions stored in different processes. You may never need more than one process for your application , even so at some point there might come a time that there is just too much unnecessary session stored that cause memory leaks. I would suggest go with Redis as your session store or some other form of database like mongoDB, there was a similar question asked here may be that helps.