Flask-Login: still logged in after logging out when using the remember_me function

To log out of the user account in Flask using Flask-Login, I just call logout_user(), but after adding some additional checks with the session, when I log out and go back to the login page again, I am still logged in. This only happens when I choose "remember me".

I think I am misunderstanding the concept of session and logout_user(). Can anyone please clarify and help?

In my opinion, I think that when I clear the session, everything inside, including "user_id", "username", etc., will also be cleared. But for some reason, the user_id or 'username' field still exists. I think this is causing the problem.

My code is below:

Sign Out:

@mod.route('/logout/')
@login_required
def logout():
  logout_user()
  session.clear()
  return redirect(url_for('users.login'))

      

Login:

@mod.route('/login/', methods=['GET', 'POST'])
def login():

  if g.user is not None and g.user.is_authenticated():
    return redirect(url_for('users.home'))

  form = LoginForm(request.form)

  if form.validate_on_submit():
    user = User.query.filter_by(email=form.email.data).first()
    if user and check_password_hash(user.password, form.password.data):
      session['user_id'] = user.id
      session['username'] = user.nickname
      session['remember_me'] = form.remember_me.data

      remember_me = False
      if 'remember_me' in session:
          remember_me = session['remember_me']
          session.pop('remember_me', None)

      login_user(user, remember_me)

      return redirect(url_for('users.home'))
  return render_template("users/login.html", form=form)

      

1 answer


When you use Flask-Login, you don't have to update the session dictionary yourself. You just need to provide the remember_me flag to the method login_user and that's it. Therefore, I suggest updating your code like this:

@mod.route('/login/', methods=['GET', 'POST'])
def login():

    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('users.home'))

    form = LoginForm(request.form)

    if form.validate_on_submit():

        user = User.query.filter_by(email=form.email.data).first()
        if user and check_password_hash(user.password, form.password.data):
            # Just set this flag. Either True or False. 
            remember_me = False
            login_user(user, remember_me)
            return redirect(url_for('users.home'))

    return render_template("users/login.html", form=form)

      



The above code should do everything.
