Is there an easy way to make sessions timeout in f

2019-01-05 09:09发布

站内问答 / Python
1737 2 4

I'm building a website with flask where users have accounts and are able to login. I'm using flask-principal for the loging in part and the role management. Is there a way of making the user's session expire after say 5 minutes or 10 minutes? I was not able to find that in flask documentation or, flask-principal's documentation.

I thought of a way of doing it by hand, set a variable server-side with a time tag at the moment of login and at the next action the user takes, the server verifies the time-delta on that timestamp and deletes the session.

2条回答
Juvenile、少年°
2楼-- · 2019-01-05 09:17

flask sessions expire once you close the browser unless you have a permanent session. You can possibly try the following:

from datetime import timedelta
from flask import session, app

@app.before_request
def make_session_permanent():
    session.permanent = True
    app.permanent_session_lifetime = timedelta(minutes=5)

By default in Flask, permanent_session_lifetime is set to 31 days.

查看更多
0人赞 添加讨论(0) 举报
迷人小祖宗
3楼-- · 2019-01-05 09:32

Yes, We should set

session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)

But I don't think it should be set at app.before_request, This will lead to set them too may times.

The permanent_session_lifetime is a Basics Configuration, so it should be set at you configure the app:

 from datetime import timedelta
 app = Flask(__name__)
 app.config['SECRET_KEY'] = 'xxxxxxxxx'
 app.config['PERMANENT_SESSION_LIFETIME'] =  timedelta(minutes=5)

The session will created for each client, seperated from other clients. So, I think the best place to set session.permanent is when you "login()":

@app.route('/login', methods=['GET', 'POST'])
def login():
    #After Verify the validity of username and password
    session.permanent = True
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)