connect.session() MemoryStore is not designed for a production environment

Question

I am trying to test my code before I upload it to the server. However, it my code doesnt work I tried to run it using nodemon --exec npm start and npm start but it keeps showing me this error Warning: connect.session() MemoryStore is not designed for a production environment, as it will leak memory, and will not scale past a single process. Server is running at http://localhost:3000

app.js

const express = require('express')
const path = require('path')
const hbs = require('express-hbs')
const app = express()
const http = require('http')
const server = http.createServer(app)
const session = require('express-session')
const PORT = process.env.PORT || 3000

const io = exports.io = require('socket.io')(server)
app.use(session({
  resave: false, // don't save session if unmodified
  saveUninitialized: false, // don't create session until something stored
  secret: 'keyboard cat'
}))

io.on('connection', (socket) => {
  console.log('User connected')
  socket.on('createMessage', (newMessage) => {
    console.log('newMessage', newMessage)
  })
  socket.on('disconnect', () => {
    console.log('User disconnected')
  })
})

app.engine('hbs', hbs.express4({
  defaultLayout: path.join(__dirname, 'views', 'layouts', 'default')
}))
app.use(express.json())
app.set('view engine', 'hbs')
app.use(express.urlencoded({ extended: false }))
app.use(express.static(path.join(__dirname, 'public')))
app.use('/', require('./routes/home'))
app.set('views', path.join(__dirname, 'views'))
server.listen(PORT, () => { console.log(`Server is running at http://localhost:${server.address().port}`) })

package.json

.
.
"scripts": {
    "start": "NODE_ENV=production node app.js",
    "devstart": "NODE_ENV=development nodemon --inspect ./app.js",
    "lint": "npx eslint . || exit 0",
    "lint:fix": "npx eslint . --fix || exit 0"
  },
.
.

Answer 1

It is not error. It is warning and Yes, usually use something like Redis for session storage on server side. Here in the following, there is something like store parameter which could set to an instance of Redis instead of MemoryStore.

app.use(session({
  resave: false, // don't save session if unmodified
  saveUninitialized: false, // don't create session until something stored
  secret: 'keyboard cat'
}))

The memory store is okay for small app and it seems that you do not save any thing in session (I am not sure about). You can comment this line and relate require of express-session.