0

trying to tweak my user login system a bit. using default flask session. i have a login required area (all pages under /dashboard/ - but user can be logged in sitewide as well). i want to be able to end a users session after say 30 minutes, and upon session ending, flash a message "youve been logged out for inactivity". but if user clicks around before that period ends, keep session alive until 30 mins has passed. im getting some weird behavior with this, ie it kicks me instantly if i click around. something is definitely wrong. I followed two questions from here - trying to combine the two features:

Is there an easy way to make sessions timeout in flask?

@app.before_request
def make_session_permanent():
    session.modified = True        
    session.permanent = True
    app.permanent_session_lifetime = timedelta(minutes=2)
    #flash("You have been logged out for inactivity.")

EDIT: login behavior is normal, but time limit still does not work, session remains forever. doubt the user activity keeps session alive either. heres the entire code for my login register system, blueprint, dashboard etc. i dont see whats wrong. my sessions still last to infinity no matter what i try. https://dpaste.de/vonL

Community
  • 1
  • 1
King Anu
  • 125
  • 2
  • 11

1 Answers1

1

"it kicks me instantly if i click around". If you click around, your session expire time will be set to 30 mins because:

@app.before_request
def make_session_permanent():

@app.before_request is application-widely.

You can use a Blueprint which prefix_url is '/dashboard' and use

@blueprint.before_request

instead. Then only requests under this blueprint can update the expire time.

MrLeeh
  • 5,321
  • 6
  • 33
  • 51
bingtel
  • 46
  • 4
  • hi pleae check my edit if you can, still have issues. also need an if statement, to the effect, if session.timeout(), flash('youve been logged out for inactivity') , after i can get the session to timeout properly of course, after 2 min test period. – King Anu Dec 23 '16 at 10:29
  • hi, there is no need to add ``@app.route("/dashboard/")`` or ``@dashboard.before_request`` to decorate ``def dashboard():``; just: ``` @dashboard.route("/dashboard/") @login_required def dashboard(): ``` is enough. – bingtel Dec 24 '16 at 04:24
  • yes i removed the '@dashboard.before_request' from the function, but I have to have @app.route("/dashboard/") otherwise I get a 404 page does not exist. sigh. working on this for hours asking everywhere including flask git issues and no one can provide an answer. im stuck with session = INFINITY MINUTES basically. heres the entire code for everything related to this https://dpaste.de/mJwM – King Anu Dec 24 '16 at 06:24
  • https://dpaste.de/vonL current working code (session still lasts forever) – King Anu Dec 24 '16 at 06:39
  • cancel the ``@app.route("/dashboard/")`` on the ``def dashboard():`` and put ``app.register_blueprint(dashboard, url_prefix="/dashboard/")`` after ``def dashboard():`` , there will not be 404 error. – bingtel Dec 24 '16 at 10:09
  • sorry, ``url_prefix="/dashboard"`` is correct(without slash). – bingtel Dec 24 '16 at 12:15
  • tried that https://dpaste.de/ogdg tried all kinds of permutations matching both with trailing slash and without one. still ends session instantly. sorry ill probably just say screw it – King Anu Dec 24 '16 at 14:42