Flask-Login is still logged in after logging out when using remember_me function
To log out of the user account in Flask using Flask-Login, I just call logout_user(), but after adding some additional checks with the session, after I log out and go back to the login page again, I am still logged in. This only happens when I choose "remember me".
I think I am misunderstanding the concept of session and logout_user (), can anyone please clarify and help?
In my opinion, I think that when I clear the session, everything inside, including "user_id", "username", etc., will also be cleared. But for some reason, the user_id or 'username' field still exists. I think this is causing the problem.
My code is below:
Sign Out:
@mod.route('/logout/')
@login_required
def logout():
    logout_user()
    session.clear()
    return redirect(url_for('users.login'))
Login:
@mod.route('/login/', methods=['GET', 'POST'])
def login():
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('users.home'))
    form = LoginForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and check_password_hash(user.password, form.password.data):
            session['user_id'] = user.id
            session['username'] = user.nickname
            session['remember_me'] = form.remember_me.data
            remember_me = False
            if 'remember_me' in session:
                remember_me = session['remember_me']
                session.pop('remember_me', None)
            login_user(user, remember_me)
            return redirect(url_for('users.home'))
    return render_template("users/login.html", form=form)
When you use Flask-Login, you don't have to update the session dictionary yourself. You just need to provide the remember_me flag to the method login_user and that's it. Therefore, I suggest updating your code like this:
@mod.route('/login/', methods=['GET', 'POST'])
def login():
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('users.home'))
    form = LoginForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and check_password_hash(user.password, form.password.data):
            # Just set this flag. Either True or False.
            remember_me = False
            login_user(user, remember_me)
            return redirect(url_for('users.home'))
    return render_template("users/login.html", form=form)
The above code should do everything.