Provide production-ready memory store for eypress-session (#5212)

The `express-session` library comes with a session storage meant for
testing by default. That is why you get a message like this when you
start up LibreChat with OIDC enabled:

    Warning: connect.session() MemoryStore is not
    designed for a production environment, as it will leak
    memory, and will not scale past a single process.

LibreChat can already use Redis as a session storage, although Redis support
is still marked as experimental. It also makes the set-up more complex, since
you will need to configure and run yet another service.

This pull request provides a simple alternative by using a in-memory session
store marked as a production-ready alternative by the guys from
`express-session`¹. You can still configure Redis, but this provides a simple,
good default for everyone else.

See also #1014

¹⁾ https://github.com/expressjs/session?tab=readme-ov-file#compatible-session-stores

api/package.json

@@ -76,6 +76,7 @@
     "librechat-mcp": "*",
     "lodash": "^4.17.21",
     "meilisearch": "^0.38.0",
+    "memorystore": "^1.6.7",
     "mime": "^3.0.0",
     "module-alias": "^2.2.3",
     "mongoose": "^8.8.3",

api/server/socialLogins.js

@@ -1,6 +1,7 @@
 const Redis = require('ioredis');
 const passport = require('passport');
 const session = require('express-session');
+const MemoryStore = require('memorystore')(session)
 const RedisStore = require('connect-redis').default;
 const {
   setupOpenId,
@@ -48,6 +49,10 @@ const configureSocialLogins = (app) => {
         .on('ready', () => logger.info('ioredis successfully initialized.'))
         .on('reconnecting', () => logger.info('ioredis reconnecting...'));
       sessionOptions.store = new RedisStore({ client, prefix: 'librechat' });
+    } else {
+      sessionOptions.store = new MemoryStore({
+        checkPeriod: 86400000 // prune expired entries every 24h
+      })
     }
     app.use(session(sessionOptions));
     app.use(passport.session());