This repository has been archived by the owner on Jul 30, 2024. It is now read-only.
Struggling to have a Session timeout running with flask-security-too
In the code below I set the SECURITY_TOKEN_MAX_AGE to 60 seconds.
A first login to my resource, from an incognito browser, redirects me to the login page. Perfect.
In the same browser, 2 minutes later, I don't have any token expiration and can access my resource without requesting a login.
Same behavior after clearing all the cookies (or testing with a fresh incognito session).
Am I missing something in the app configuration?
Sorry if this question addresses the usability of flask-security-too, but I cannot find (yet...) any discussion forum or example showing this type of configuration.
Should I use SECURITY_LOGIN_WITHIN, which is set to 1 day by default? I've also tried to set it to 2 minutes, without success.
Thanks very much for your support
Regards
```python
import os
from flask import Flask
from flask_security import SQLAlchemySessionUserDatastore, Security
from flask_security import auth_required
from dotenv import load_dotenv
from database import db
from models.auth import User, Role
from flask_mailman import Mail
import commands
from datetime import timedelta

load_dotenv()

app = Flask(__name__)
app.config["SECRET_KEY"] = os.environ.get(
    "SECRET_KEY", "0aedgaii451cef0af8bd6432ec4b317c8999a9f8g77f5f3cb49fb9a8acds51d")
app.config["SECURITY_PASSWORD_SALT"] = os.environ.get(
    "SECURITY_PASSWORD_SALT",
    "ab3d3a0f6984c4f5hkao41509b097a7bd498e903f3c9b2eea667h16")
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
app.config["SECURITY_REGISTERABLE"] = True
app.config["SECURITY_CONFIRMABLE"] = True  # Confirmation via email

app.config["MAIL_SERVER"] = os.getenv("MAIL_SERVER")
app.config["MAIL_PORT"] = os.getenv("MAIL_PORT")
app.config["MAIL_USE_SSL"] = False
app.config["MAIL_USE_TLS"] = True
app.config["MAIL_USERNAME"] = os.getenv("MAIL_USERNAME")
app.config["MAIL_PASSWORD"] = os.getenv("MAIL_PASSWORD")
mail = Mail(app)

# Timeout session
#app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=2)
#app.config['SECURITY_LOGIN_WITHIN'] = "2 minutes"
app.config['SECURITY_TOKEN_MAX_AGE'] = 60  # Specifies the number of seconds before an authentication token expires.

uri = os.getenv("DATABASE_URL")
app.config["SQLALCHEMY_DATABASE_URI"] = uri
db.init_app(app)
commands.init_app(app)

user_datastore = SQLAlchemySessionUserDatastore(db.session, User, Role)
security = Security(app, user_datastore)


@app.route("/")
@auth_required()
def home():
    return "Hello, world!"


@app.route("/protected")
@auth_required()
def protected():
    return "You're logged in!"
```