I am doing some tests with flask-login. I am following exactly the example at
everything is working fine, i manage to log in correctly and i am able to access the routes protected by the @login_required decorator.
I can log out if I explicitly do it (going to the ‘/logout’ route) and after i do i’m no longer able to access the protected routes.
The only problem is: i never get logged out if i close the browser. In the official guide it says
By default, when the user closes their browser the Flask Session is deleted and the user is logged out.
but this never seems to happen.
OK i’ve finally find a solution:
@app.before_request def before_request(): flask.session.permanent = True app.permanent_session_lifetime = datetime.timedelta(minutes=20) flask.session.modified = True
setting flask.session.permanent to True forces flask to expire after a certain amount of time, and not when the browser is closed (which is the default behavior).
flask.session.modified = True resets the time. since this is called every request the user does, you are sure that he is going to be logged out after 20minutes of true inactivity.
Answered By – a.costa