flask-login:Chrome是否忽略Cookie的过期时间? [英] flask-login: Chrome ignoring cookie expiration?
问题描述
我已经使用flask-login进行了身份验证,但是无论我用什么来控制flask的cookie持续时间,会话都仍是经过身份验证的.我是否可以为flask-login正确设置配置变量?我已经尝试过
I've got the authentication working with flask-login, but it seems like no matter what I use for the cookie duration in flask, the session is still authenticated. Am I setting the config variables properly for flask-login? I've tried
app.REMEMBER_COOKIE_DURATION = datetime.timedelta(seconds=30)
app.config["REMEMBER_COOKIE_DURATION"] = datetime.timedelta(seconds=30)
即使我关闭浏览器,稍等片刻并点击了应该保护的网址,我仍然可以访问它.这与 chrome的问题有关吗?.如果清除cookie,我将获得预期的登录页面.所有这些使我认为cookie超时不受尊重.
Even if I close the browser, wait a while, and hit a url that should be protected, I can still access it. Is this related to this issue with chrome?. If I clear my cookies, I get the expected login page. All this makes me think that the cookie timeout is not being respected.
另外, PERMANENT_SESSION_LIFETIME 在烧瓶中做什么?
Also, what does PERMANENT_SESSION_LIFETIME do in flask?
推荐答案
REMEMBER_COOKIE_DURATION 用于记住我"功能,即即使关闭浏览器也要记住登录用户多长时间.为此使用了单独的cookie,其名称可以由 REMEMBER_COOKIE_NAME (默认为 remember_token )设置.要在一段时间后强制登录会话过期(即使浏览器仍保持运行),请在保存应用程序设置的位置设置 PERMANENT_SESSION_LIFETIME :
REMEMBER_COOKIE_DURATION is used for "Remember me" functionality, that is, how long to remember logged in user even if he closed the browser. The separate cookie is used for that, the name of which can be set by REMEMBER_COOKIE_NAME (remember_token by default). To force login session to expire after some time (even if the browser is still kept running), set PERMANENT_SESSION_LIFETIME somewhere where you keep your app settings:
PERMANENT_SESSION_LIFETIME = datetime.timedelta(minutes=30)
在登录视图中,设置 session.permanent = True :
from flask import session
@app.route('/login')
def login():
# ...
if login_user(user):
session.permanent = True
return redirect(request.args.get('next') or url_for('index'))
# ...
这篇关于flask-login:Chrome是否忽略Cookie的过期时间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
