Logout if session expires from no activity and redirect to login page

Question

I'm trying to update a website with flask where users have accounts and are able to login. I want to make user session expire and logout if there is no activity for more than 10 mins and redirect the user to the login page.

I want to update it in @app.before_request and below is my code. How do I check for the login time and check if there has been no activity, then logout.

@app.before_request
def look_for_user(user=None):
        g.usr = {}
    g.api = False
    if user:
        g.usr = user
    if 'user_id' in session:
        g.usr = get_user((session['user_id'])) //from db
        if not g.usr:
            g.usr = {}
    if not g.usr:
        if request.url_rule:
            if request.url_rule.rule not in app.config['LOGIN_NOT_REQUIRED']:
                session['postlogin_landing_page'] = request.path
                if g.api:
                    return jsonify(error=True, error_message='Invalid Login/Token')
                else:
                    return redirect(app.config['LOGIN_URL'])
    elif 'login_page' in session and request.url_rule:
        if request.url_rule.rule not in app.config:
            landing_page = session.pop('login_page')
            return redirect(landing_page)

Answer 1

You can use permanent_session_lifetime and the session.modified flag as described in this question.

Note that sessions are not permanent by default, and need to be activated with session.permanent = True, as described in this answer.

Answer 2

solution of your problem and for that you have to import datetime.timedelta library

session.permanent = True
app.permanent_session_lifetime = timedelta(seconds=3)
session.modified = True