SessionStore: Delete DB record when session expires

This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.

src/node/hooks/express.js

@@ -16,6 +16,7 @@ const webaccess = require('./express/webaccess');
 
 const logger = log4js.getLogger('http');
 let serverName;
+let sessionStore;
 const sockets = new Set();
 const socketsEvents = new events.EventEmitter();
 const startTime = stats.settableGauge('httpStartTime');
@@ -23,32 +24,35 @@ const startTime = stats.settableGauge('httpStartTime');
 exports.server = null;
 
 const closeServer = async () => {
-  if (exports.server == null) return;
-  logger.info('Closing HTTP server...');
-  // Call exports.server.close() to reject new connections but don't await just yet because the
-  // Promise won't resolve until all preexisting connections are closed.
-  const p = util.promisify(exports.server.close.bind(exports.server))();
-  await hooks.aCallAll('expressCloseServer');
-  // Give existing connections some time to close on their own before forcibly terminating. The time
-  // should be long enough to avoid interrupting most preexisting transmissions but short enough to
-  // avoid a noticeable outage.
-  const timeout = setTimeout(async () => {
-    logger.info(`Forcibly terminating remaining ${sockets.size} HTTP connections...`);
-    for (const socket of sockets) socket.destroy(new Error('HTTP server is closing'));
-  }, 5000);
-  let lastLogged = 0;
-  while (sockets.size > 0) {
-    if (Date.now() - lastLogged > 1000) { // Rate limit to avoid filling logs.
-      logger.info(`Waiting for ${sockets.size} HTTP clients to disconnect...`);
-      lastLogged = Date.now();
+  if (exports.server != null) {
+    logger.info('Closing HTTP server...');
+    // Call exports.server.close() to reject new connections but don't await just yet because the
+    // Promise won't resolve until all preexisting connections are closed.
+    const p = util.promisify(exports.server.close.bind(exports.server))();
+    await hooks.aCallAll('expressCloseServer');
+    // Give existing connections some time to close on their own before forcibly terminating. The
+    // time should be long enough to avoid interrupting most preexisting transmissions but short
+    // enough to avoid a noticeable outage.
+    const timeout = setTimeout(async () => {
+      logger.info(`Forcibly terminating remaining ${sockets.size} HTTP connections...`);
+      for (const socket of sockets) socket.destroy(new Error('HTTP server is closing'));
+    }, 5000);
+    let lastLogged = 0;
+    while (sockets.size > 0) {
+      if (Date.now() - lastLogged > 1000) { // Rate limit to avoid filling logs.
+        logger.info(`Waiting for ${sockets.size} HTTP clients to disconnect...`);
+        lastLogged = Date.now();
+      }
+      await events.once(socketsEvents, 'updated');
     }
-    await events.once(socketsEvents, 'updated');
+    await p;
+    clearTimeout(timeout);
+    exports.server = null;
+    startTime.setValue(0);
+    logger.info('HTTP server closed');
   }
-  await p;
-  clearTimeout(timeout);
-  exports.server = null;
-  startTime.setValue(0);
-  logger.info('HTTP server closed');
+  if (sessionStore) sessionStore.shutdown();
+  sessionStore = null;
 };
 
 exports.createServer = async () => {
@@ -172,9 +176,10 @@ exports.restartServer = async () => {
 
   app.use(cookieParser(settings.sessionKey, {}));
 
+  sessionStore = new SessionStore();
   exports.sessionMiddleware = expressSession({
     secret: settings.sessionKey,
-    store: new SessionStore(),
+    store: sessionStore,
     resave: false,
     saveUninitialized: true,
     // Set the cookie name to a javascript identifier compatible string. Makes code handling it