Blacklist items in req.session to not be stored in database.
MaffooBristol opened this issue · comments
Matt Fletcher commented
I'm wanting to keep items in req.session
in memory, but not store them against the sessions DB table for security reasons. But it seems that this module stores everything in the session object into the DB.
Is there any way of choosing to say, "ignore req.session.foo
as that is private information, and store it only in-memory"?
Thanks in advance
Charles Hill commented
I think this is outside the scope of this project. I suggest to use a combination of custom middleware and Map to store secondary (in-memory only) data that maps to each session ID.
Matt Fletcher commented
Thanks for the response. I chose to store the data within browser memory instead!