[Question] Does pruning delete from the database and is there an obfuscation feature?

[pthieu]

I have OAuth API's from external platforms being used and the session store records all this information in the database.

I don't really need sessions except for handling OAuth so I'm ok with setting the maxAge to something like 5 minutes or even less so that when pruning happens, it will remove the session entry in the DB. However, if pruning doesn't delete the row from the DB, then this wouldn't work.

The other method I've seen other packages do is to encrypts the payload on write then decrypts it on read. This takes a performance hit, but adds a layer of security that some people need.

[pthieu]

Just did a test, looks like it removes from the DB. Closing issue.