No secret is provided when using a custom session store

[daniel-ac-martin]

When using express-session's MemoryStore the following error is generated:

express-session deprecated req.secret; provide secret option node_modules/hof-bootstrap/lib/sessions.js:19:20

[daniel-ac-martin]

Also, it would be nice to release the new functionality for a custom session store. (It's currently only available on the master branch.)

Also, should we default to Redis here? Why not default to the MemoryStore and let hof-boilerplate set up Redis if that is our current preferred solution? Otherwise changes in this area could break the deployment of future forms.

[JoeChapman]

@easternbloc @danielepolencic @joefitter thoughts please?

[joefitter]

@daniel-ac-martin @JoeChapman @easternbloc @danielepolencic This was released but I haven't looked at it since so wasn't aware of the bug to do with passing in a secret. This was originally done to mock the session for acceptance testing but we ended up just using the standard redis store for this so it isn't actually used by us anymore

Re default implementation using MemoryStore - currently in SO we have 6 forms using bootstrap which all require redis for persistence, I'm not sure I see the benefit of switching the default implementation to memory store, as this would mean we would need to set up the session store and pass it in from within each app, which seems to be moving away from what we are trying to achieve. The aim of bootstrap is to be able to create a new form with as little config as possible using a set of sensible defaults, but to also offer the flexibility for these to be overridden or extended if required