Customizable user session store

Currently (v 0.20.X) user session are stored using memorystore, and it can't be changed since it's hardcoded in the file node_modules@node-red\editor-api\lib\auth\index.js

under the code
`
var crypto = require("crypto")
var session = require('express-session')
var MemoryStore = require('memorystore')(session)

adminApp.use(session({
  // As the session is only used across the life-span of an auth
  // hand-shake, we can use a instance specific random string
  secret: crypto.randomBytes(20).toString('hex'),
  resave: false,
  saveUninitialized: false,
  store: new MemoryStore({
    checkPeriod: 86400000 // prune expired entries every 24h
  })
}));

`

Express-session support a large variety of stores, and it would be nice if the user was able to select his preferred store.
Don't know if this impact other aspects but as of my current understanding is just matter to make the string 'memorystore' customizable.

Ivan.

Hi @grisson2

Node-RED uses its own sessions management system backed by the storage plugin of the runtime.

As the comment in the code says:

 // As the session is only used across the life-span of an auth
  // hand-shake, we can use a instance specific random string

Which is to say - we don't use the session store for the general login sessions of the editor. The session store is only used whilst the auth exchange is happening.

With the current code, swapping in a different session store would have little benefit.

Changing the node-red session management to be some else would be a much larger piece of work.