Using MemoryStore in production

Ok, after talking to Connect developers, I got more information. There are two things considered memory leaks here:

1. problem with JSON parsing which is already fixed in recent versions
2. the fact that there is no cleanup of expired sessions if the users never access them (i.e. the only cleanup is on-access)

The solution seems to be rather simple, at least this is what I plan to do: use setInterval to periodically clean up the expired sessions. MemoryStore provides all() to get the list, and we can use get() to force reading and thus expire them. Pseudo-code:

function sessionCleanup() {
    sessionStore.all(function(err, sessions) {
        for (var i = 0; i < sessions.length; i++) {
            sessionStore.get(sessions[i], function() {} );
        }
    });
}

Now just call sessionCleanup periodically via setInterval() and you have automatic garbage collection for expired sessions. No more memory leaks.

So the accepted answer to this is [edit: was] pretty much a hack, and the others are just recommending using a database which I think is overkill.

I had the same problem and just replaced express-session with cookie-session.

To do this simply install cookie-session:

npm install cookie-session

Then in your app.js, find where express-session is being used and replace with cookie-session.

app.use(require('cookie-session')({
    // Cookie config, take a look at the docs...
}));

You may need to change some other things, for me is was a simple swap-out-bobs-your-uncle-no-harm-done.