When this._serialize_session() is called upon a Session object, the resulting object looks like:
Note all the functions in the session key— they're from Session.prototype. Why not just add a hasOwnProperty() check?
Is it really a problem?
MongoDB doesn't persist those attributes and you can override the serialize function with serialize option, or set stringify option to true.