Flask-Login:关闭标签页后,如何强制Firefox / Chrome删除会话Cookie? [英] Flask-Login: How to force Firefox/Chrome to remove session cookie when tab is closed?
问题描述
我一直在尝试学习Flask,并一直学习Flask-Login扩展。我可以按预期进行基本身份验证。我遇到的问题涉及Firefox中的显示上次显示的窗口和选项卡设置和Chrome中的继续我上次离开的地方设置。我在此站点以及其他地方所做的所有研究都表明,这些设置仅对打开的选项卡有效。因此,如果您通过了身份验证,然后关闭了选项卡,然后关闭了浏览器,则浏览器仅应为关闭浏览器时打开的选项卡还原仅会话的cookie。但是,对于Firefox和Chrome,当再次启动浏览器时,仅会话cookie仍处于活动状态,并且我导航到标记为@login_required的页面。我还应该提到我将False传递给login_user记住参数,如下所示: login_user(user,Remember = False)
I have been trying to learn Flask, and along the way the Flask-Login extension. I can make basic authentication work as expected. The issue that has me stumped involves the "Show my windows and tabs from last time" setting in Firefox and the "Continue where I left off" setting in Chrome. All the research I have done on this site and elsewhere indicates that these settings should only work for open tabs. So if you are authenticated and then close the tab, and then close the browser, the browser should only restore the session-only cookies for tabs that were open when the browser closed. However with both Firefox and Chrome the session-only cookie is still active when the browser is started again and I navigate to the page that is marked as @login_required. I should also mention that I am passing False to the login_user remember argument like so: login_user(user, remember=False)
我已经开始尝试使用Flask-Login扩展名进行全新的登录,认为在关闭浏览器之前关闭选项卡肯定会将会话标记为陈旧,但事实并非如此。我检查 login_fresh()的值,如果登录是最新的,则返回true,但仍返回True。
I have played around with the idea of fresh logins with the Flask-Login extension thinking that closing the tab before closing the browser would surely mark the session as stale, but it doesn't. I examine the value of login_fresh() which returns true if the login is fresh, and it still returns True.
我使用 session.permanent = True 然后设置了如何使登录在给定时间后过期 app.permanent_session_lifetime ='那么多分钟/秒',它工作正常,但不是我想要的。
I found out how to make the login expire after a given time using session.permanent = True and then setting app.permanent_session_lifetime = 'so many minutes/seconds', which works perfectly, but isn't what I want.
我可以忍受Firefox / Chrome会记住打开的选项卡的会话cookie的事实,但是我不明白的是为什么即使关闭选项卡在关闭浏览器之前就关闭了选项卡,它们也会记住我网站的会话cookie。这是预期的行为吗?首先关闭标签页,然后再关闭浏览器,是否期望为我的网站删除会话cookie?
I can live with the fact that Firefox / Chrome will remember session cookies for tabs that are open, but what I don't understand is why they remember session cookies for my site even when the tab is closed before closing the browser. Is this the expected behavior? Is it reasonable to expect the session cookie to be removed for my site when I close the tab first then the browser?
推荐答案
这是预期的行为吗?
Is this the expected behavior? Is it reasonable to expect the session cookie to be removed for my site when I close the tab first then the browser?
显然是的,当我先关闭选项卡然后关闭浏览器时,期望为我的站点删除会话cookie是否合理?这是预期的行为,没有,您没有理由期望这种事情。您所看到的行为似乎是浏览器实现会话还原功能的一种故意设计决定。
Apparently yes, this is expected behaviour, and no you are not reasonable to expect such a thing. The behaviour you are seeing appears to be a deliberate design decision in the way the browsers implement "session restore" functionality.
- 请参阅此 2009年以来的Firefox错误 (外部会话)会话还原可能会导致会话cookie寿命过长具有很多重复项并且没有解决方案。
- 或者此 2012年以来的铬错误 Chrome浏览器进程关闭时未清除会话Cookie ,状态为
WontFix
- See this Firefox bug from 2009 (eternalsession) Session restore can result in excessive session cookie lifespan that has many duplicates and no solution.
- Or this Chromium bug from 2012 Session Cookies not cleared when Chrome processes closed with a status of
WontFix
因此,简而言之,我认为无论服务器多么强大,我都无法从服务器端对此做任何事情:((
So, in short, I don't think there's anything you can do about this from the server side, no matter how awesome flask is :(
这篇关于Flask-Login:关闭标签页后,如何强制Firefox / Chrome删除会话Cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
