'Flask Server-Side Session Expiration
Problem
I need server-side sessions to expire after a given amount of time, but when using flask-sessions the session expiration is prolonged every time the site is refreshed.
What I have tried
I have set a lifetime on the sessions, but I can see that the expiry is determined on the client side, and that it is prolonged every time I refresh the site:
app.config['PERMANENT_SESSION'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(minutes=1)
I tried setting it to False which gives the same results.
app.config['PERMANENT_SESSION'] = False
app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(minutes=1)
How to I ensure that it is the server that determines whether a session has run out? I don't what the user to be able to set up a script that just keeps a session going infinitely!
Solution 1:[1]
I simply ended up adding the session-creation-date to the session store, and then I check the duration between this date and the current date.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Esben Eickhardt |