'Logout if session expires from no activity and redirect to login page
I'm trying to update a website with flask where users have accounts and are able to login. I want to make user session expire and logout if there is no activity for more than 10 mins and redirect the user to the login page.
I want to update it in @app.before_request
and below is my code. How do I check for the login time and check if there has been no activity, then logout.
@app.before_request
def look_for_user(user=None):
g.usr = {}
g.api = False
if user:
g.usr = user
if 'user_id' in session:
g.usr = get_user((session['user_id'])) //from db
if not g.usr:
g.usr = {}
if not g.usr:
if request.url_rule:
if request.url_rule.rule not in app.config['LOGIN_NOT_REQUIRED']:
session['postlogin_landing_page'] = request.path
if g.api:
return jsonify(error=True, error_message='Invalid Login/Token')
else:
return redirect(app.config['LOGIN_URL'])
elif 'login_page' in session and request.url_rule:
if request.url_rule.rule not in app.config:
landing_page = session.pop('login_page')
return redirect(landing_page)
Solution 1:[1]
You can use permanent_session_lifetime
and the session.modified
flag as described in this question.
Note that sessions are not permanent by default, and need to be activated with session.permanent = True
, as described in this answer.
Solution 2:[2]
solution of your problem and for that you have to import datetime.timedelta library
session.permanent = True
app.permanent_session_lifetime = timedelta(seconds=3)
session.modified = True
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Community |
Solution 2 | SR_Mehta |