Charlie

Reputation: 1766

Session still authenticates after server restart?

Ok, so, I'm able to log in a user successfully. And log out. Then force a user to log back in.

What doesn't seem to work is when the user authenticates, does an action that causes the server to restart, then when the server comes back up, the user is still authenticated.

This is on a hardware device, so there's no persistent storage. Somehow maybe python flask login "trusts" the cookie once it's sent, always? I feel like I'm not fully understanding what Flask Login is doing...

I have no real user store. There's only one user. Here are some code blocks I have, if it helps anyone:

@login_manager.user_loader
def load_user(id):
    return User(id)

class User(FlaskLogin.UserMixin):
    def __init__(self, id):
        self.id = id

And the login method itself (some stuff removed of course):

def login():
    sysPassword = supersecretmethodherethatreturnspasswordasastring()

    if flask.request.method == "POST":
        password = flask.request.form['password']
        username = flask.request.form['username']

        if password == sysPassword and username == 'static-user-name':
            user = User(username)
            FlaskLogin.login_user(user)
            return flask.redirect("/dashboard")
        else:
            return flask.render_template("login.html", error="Incorrect password. Please enter the correct password.", product=productid, products=defaults.products)

    return flask.render_template("login.html", error=False, product=productid, products=defaults.products)

Upvotes: 5

Views: 2566

Answers (1)

maxcountryman

Reputation: 1769

Flask-Login is an abstraction over Flask's sessions.

Sessions in Flask are cookies. Cookies tend to stick around in the browser. You are free to configure how long sessions live and so forth. But as long as you present a valid session to Flask-Login, you will remain logged in.

The docs cover this here.

Upvotes: 3
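
What the answer describes, as an added example (not code from the question or the answer): Flask's default session is a signed cookie, so whether it outlives a restart depends only on whether the restarted process uses the same SECRET_KEY. The key values and the session payload are constructed, and `boot`, `issue_cookie`, `read_cookie` and `survives_restart` are hypothetical helper names.

```python
import os

from flask import Flask
from itsdangerous import BadSignature


def boot(secret_key):
    """Simulate one server start: a fresh app object with this SECRET_KEY."""
    app = Flask(__name__)
    app.secret_key = secret_key
    return app


def issue_cookie(app, data):
    # The serializer Flask's default session interface uses for the cookie.
    return app.session_interface.get_signing_serializer(app).dumps(data)


def read_cookie(app, cookie):
    """Return the session data, or None if the signature does not verify."""
    try:
        return app.session_interface.get_signing_serializer(app).loads(cookie)
    except BadSignature:
        return None


def survives_restart(key_before, key_after):
    # Constructed payload standing in for what the login stored in the session.
    cookie = issue_cookie(boot(key_before), {"_user_id": "static-user-name"})
    # Nothing is kept server-side: the restarted app sees only the cookie.
    return read_cookie(boot(key_after), cookie) is not None


STATIC_KEY = "constructed-demo-key"  # constructed value: a key fixed in config

if __name__ == "__main__":
    # Same key before and after the restart: the old cookie is still accepted.
    print("static key:", survives_restart(STATIC_KEY, STATIC_KEY))
    # Key generated at each start: cookies from the previous boot are rejected.
    print("per-boot key:", survives_restart(os.urandom(32), os.urandom(32)))
```

Generating the key at start-up, as in the second case, makes every cookie issued before the restart fail verification, so the user has to log in again.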
