Reputation: 776
Flask Logout All Sessions of a Specific User
When logging out a user with Flask-Login, is there a way to log out all sessions that user may have (Ex: in different browsers, different devices, etc)?
Upvotes: 0
Views: 2761
Answers (2)
Reputation: 1354
As Artiom said in his answer, Flask-Login by default uses Flask session which is client side, and you won't be able to delete all those cookies from other clients.
However, there is a way to prevent other clients from logging in. Flask-Login relies on user_loader callback function to fetch the user from your cache, this function gets called on every HTTP request coming from the user's client.
What you can do is on logout, you delete this particular user from this cache. That way when any client (phone, other browser,etc..) used by this user try to access your page. Flask-Login won't find the user in the cache and will redirect them to the login page.
Upvotes: 1
Reputation: 3846
Flask-Login stores user_id in Flask session which is client-side session, the data stores in cookie file in users browser. Hereby you can't delete cookies in all devices and browsers of the client.
Nevertheless you can use server-side sessions instead with the help e.g. Redis and Flask-Session extension for Flask. Server side session will solve problem with removing or manipulating (imagine admin gave or removed user's rights) user session simultaneously for any user's browser or device.
https://pythonhosted.org/Flask-Session/
Upvotes: 1
Related Questions
- How do I clear a flask session?
- Python Flask: keeping track of user sessions? How to get Session Cookie ID?
- Flask Sessions - Session isn't always removed on logout (Works sometimes)
- Flask session log out and redirect to login page
- How to log out after sign in
- Flask: Clear session from admin prospective
- Removing Session cookie in Flask & Flask-Login
- How to logout a user from the database with flask-login
- Logging out a specific user with Flask-Login
- How to I delete all Flask sessions?