Make session permanent after login

By default, the Flask session only survives until the user closes the browser [1], which is annoying. With this, the session will survive for 31 days; as far as I can tell, that expiration time is refreshed each time the user visits the tool, so in practice it can last much longer as long as the user uses the tool regularly. For symmetry, reset the flag after logout. [1]: https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent
lucaswerkmeister · Apr 8, 2024 · 7963774 · 7963774
1 parent 621944e
commit 7963774
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/{{cookiecutter.tool_identifier}}/app.py b/{{cookiecutter.tool_identifier}}/app.py
@@ -208,6 +208,7 @@ def oauth_callback(){% if cookiecutter.set_up_mypy == "True" %} -> RRV{% endif %
                                     user_agent=user_agent)
     flask.session['oauth_access_token'] = dict(zip(access_token._fields,
                                                    access_token))
+    flask.session.permanent = True
     flask.session.pop('csrf_token', None)
     redirect_target = flask.session.pop('oauth_redirect_target', None)
     return flask.redirect(redirect_target or flask.url_for('index'))
@@ -216,6 +217,7 @@ def oauth_callback(){% if cookiecutter.set_up_mypy == "True" %} -> RRV{% endif %
 @app.route('/logout')
 def logout(){% if cookiecutter.set_up_mypy == "True" %} -> RRV{% endif %}:
     flask.session.pop('oauth_access_token', None)
+    flask.session.permanent = False
     return flask.redirect(flask.url_for('index'))