You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I almost copied your code to build a server. I can register users, and login only if the password is correct. Then I receive the authentication cookie. However, when I use the cookie to request new urls such as update_password, it seems that I can keep doing it even after I logout:
In the debug mode, I can confirm that id.forget(); in the logout function has indeed been run and the id.id field is set to None. However, there seems to be no real effect after that since I can call the logout API again and again. By the way, where is data for username and cookie saved? Why is cookie still valid even after I restart the server? How can I use the authentication cookie correctly?
The text was updated successfully, but these errors were encountered:
Hi, I almost copied your code to build a server. I can register users, and login only if the password is correct. Then I receive the authentication cookie. However, when I use the cookie to request new urls such as
update_password
, it seems that I can keep doing it even after I logout:In the debug mode, I can confirm that
id.forget();
in thelogout
function has indeed been run and the id.id field is set to None. However, there seems to be no real effect after that since I can call thelogout
API again and again. By the way, where is data for username and cookie saved? Why is cookie still valid even after I restart the server? How can I use the authentication cookie correctly?The text was updated successfully, but these errors were encountered: