[Flask] Expiring login sessions

David Nieder davidnieder at gmx.de
Tue Sep 15 10:29:22 CEST 2015


On 14.09.2015 14:46, Matt Shields wrote:
> Below is what I had put in when I was building the login and sessions.
> I've tried setting the app.permanent_session_lifetime to a specific amount
> of time so that the user will get logged out and it doesn't seem to work.
> Also, besides logging them out after a specific amount of time, I'd like to
> have them logged out if they close their browser
>
>   29 @app.before_request
>   30 def before_request():
>   31     g.permission = config.permission_problem()
>   32     g.current_time = datetime.datetime.now().strftime('%Y-%m-%d
> %H:%M:%S')
>   33     session.permanent = True
>   34     app.permanent_session_lifetime = datetime.timedelta(minutes=60)
>   35
>   36     if current_user.is_authenticated():
>   37         user = User.query.filter_by(email=current_user.email).first()
>   38         user.current_login_at = datetime.datetime.now()
>   39         db.session.commit()
>
> Matt
>

Hello Matt

The current_user.is_authenticated call looks like you use flask-login.
If that is the case you need to set the lifetime of the "remember_me" 
cookie:
https://flask-login.readthedocs.org/en/latest/#cookie-settings

Also: as far as I know a cookie has either an expiration date or if that
field is empty, the cookie gets removed when the browser is closed. 
Therefor the behavior you describe can't be accomplished with the cookie 
alone.

David





More information about the Flask mailing list