Exclude endpoint for flak session timeout
I have a Flask application that uses Flask-Sessions to manage my sessions.
flask.permanent_session_lifetime = timedelta(minutes=30)
After 30 minutes of activity, the session will end and my user will need to log in again to continue using the app.
However, I would like to exclude a specific URL endpoint from this session timeout session. I mean, I have a persistent poll that happens in my application where the web client calls the GET / status endpoint at a 30 second interval. Every 30 seconds, the page requests the updated task status from the server and updates progress bars, etc.
Due to the constantly achieved above GET / status call, the user can be completely removed from the computer and the session will never time out because the GET / status call is being processed continuously.
Is there a way to exclude this endpoint in the timeout behavior so that the GET / status calls will NOT extend the lifespan of the current user session? If not, what would be the recommended approach in this case? I would rather not implement my own version of the session behavior in this application.
source to share
You have options:
- subclass SecureCookieSessionInterface and override the should_set_cookie method
- register after_request handler and remove Set-Cookie header if url matches
source to share