From c2ea2b3a6d152da7f920cd9092ce4ec66d500a67 Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Mon, 30 Mar 2020 14:59:20 +0000
Subject: [PATCH] webaccess: do not resave session

Before this change, the database was spammed with session values.
Modern express-session has this baked in.
See https://www.npmjs.com/package/express-session#resave for docs.
---
 src/node/hooks/express/webaccess.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 01a040258..ffb132ae1 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -126,7 +126,7 @@ exports.expressConfigure = function (hook_name, args, cb) {
   args.app.use(sessionModule({
     secret: exports.secret,
     store: args.app.sessionStore,
-    resave: true,
+    resave: false,
     saveUninitialized: true,
     name: 'express_sid',
     proxy: true,