[Flask] Expiring login sessions
David Nieder
davidnieder at gmx.de
Tue Sep 15 10:29:22 CEST 2015
On 14.09.2015 14:46, Matt Shields wrote:
> Below is what I had put in when I was building the login and sessions.
> I've tried setting the app.permanent_session_lifetime to a specific amount
> of time so that the user will get logged out and it doesn't seem to work.
> Also, besides logging them out after a specific amount of time, I'd like to
> have them logged out if they close their browser
>
> 29 @app.before_request
> 30 def before_request():
> 31 g.permission = config.permission_problem()
> 32 g.current_time = datetime.datetime.now().strftime('%Y-%m-%d
> %H:%M:%S')
> 33 session.permanent = True
> 34 app.permanent_session_lifetime = datetime.timedelta(minutes=60)
> 35
> 36 if current_user.is_authenticated():
> 37 user = User.query.filter_by(email=current_user.email).first()
> 38 user.current_login_at = datetime.datetime.now()
> 39 db.session.commit()
>
> Matt
>
Hello Matt
The current_user.is_authenticated call looks like you use flask-login.
If that is the case you need to set the lifetime of the "remember_me"
cookie:
https://flask-login.readthedocs.org/en/latest/#cookie-settings
Also: as far as I know a cookie has either an expiration date or if that
field is empty, the cookie gets removed when the browser is closed.
Therefor the behavior you describe can't be accomplished with the cookie
alone.
David
More information about the Flask
mailing list