improve the session validation logic so that it is called at intervals defined by settings.sessionTTL.
in general, it looks like the existing code has wrong logic if you were to supply options.expires but i didn't dig into that. it looks like, the setTimeout for session validation would use options.expires as a number that represents an interval of time whereas if you were to follow the logic of the code that creates sessions via session = exports.forceSession(request, options.expires);, forceSession is going to treat that value as an absolute time representing when the session expires.
session = exports.forceSession(request, options.expires);
call sessionModel.validate at intervals
improve the session reaping logic.
* allow validate to return a promise before calling again
* change sign of timeout length so that it makes sense
Merge pull request #21 from neonstalwart/session-validate-interval
Session validate interval