express-session: Don't save uninitialized sessions

This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).

src/node/hooks/express.js

@@ -181,7 +181,7 @@ exports.restartServer = async () => {
     secret: settings.sessionKey,
     store: sessionStore,
     resave: false,
-    saveUninitialized: true,
+    saveUninitialized: false,
     // Set the cookie name to a javascript identifier compatible string. Makes code handling it
     // cleaner :)
     name: 'express_sid',