Is there an easy way to make sessions timeout in flask?
Solution 1
flask sessions expire once you close the browser unless you have a permanent session. You can possibly try the following:
from datetime import timedelta
from flask import session, app
@app.before_request
def make_session_permanent():
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)
By default in Flask, permanent_session_lifetime is set to 31 days.
Solution 2
Yes, We should set
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)
But I don't think it should be set at app.before_request, This will lead to set them too may times.
The permanent_session_lifetime is a Basics Configuration, so it should be set at you configure the app:
from datetime import timedelta
app = Flask(__name__)
app.config['SECRET_KEY'] = 'xxxxxxxxx'
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(minutes=5)
The session will created for each client, seperated from other clients. So, I think the best place to set session.permanent is when you login():
@app.route('/login', methods=['GET', 'POST'])
def login():
#After Verify the validity of username and password
session.permanent = True
verrochio
Updated on April 27, 2020Comments
-
verrochio about 4 years
I'm building a website with flask where users have accounts and are able to login. I'm using flask-principal for the loging in part and the role management. Is there a way of making the user's session expire after say 5 minutes or 10 minutes? I was not able to find that in flask documentation or, flask-principal's documentation.
I thought of a way of doing it by hand, set a variable server-side with a time tag at the moment of login and at the next action the user takes, the server verifies the time-delta on that timestamp and deletes the session.