[英]Flask-Login login_manager.session_protection=strong doesn't redirect to login page
We're using flask-login to handle logins to our webpage.我们正在使用flask-login 来处理我们网页的登录。 We expect it to be very strict with sessions so when a browser is closed, the user is prompted to log back in again.
我们希望它对会话非常严格,因此当浏览器关闭时,会提示用户重新登录。
We expect user would be sent to the login page for every url, and the session won't persist.我们希望用户会被发送到每个 url 的登录页面,并且会话不会持续。
We require strict protection我们需要严格的保护
login_manager.session_protection = "strong"
login_manager.refresh_view = "users.login"
Refresh view is used as the docs state:刷新视图用作文档状态:
refresh_view刷新视图
The name of the view to redirect to when the user needs to reauthenticate
When the user closes their browser and begins a new session, they are not prompted to login, instead they're given a page where href's redirect to the login page, and other links give permission errors.当用户关闭浏览器并开始新会话时,系统不会提示他们登录,而是会提供一个页面,其中 href 重定向到登录页面,其他链接会出现权限错误。 This isn't optimal.
这不是最优的。
Internally, the way redirects are accomplished is with flask_login
is by using the unauthorized()
function in the login_manager.py
file, which uses the request
library to grab the request url of the page the user is trying to access.在内部,使用
flask_login
完成重定向的方式是使用login_manager.py
文件中的login_manager.py
unauthorized()
函数,该函数使用request
库来获取用户尝试访问的页面的请求url。 When an user is logged out trying to access the page it will properly grab the correct url and redirect the user to the variable assigned to the login_view
setting.当用户注销尝试访问该页面时,它将正确获取正确的 url 并将用户重定向到分配给
login_view
设置的变量。 However, when session protection is set to strong
and the user quits the application and redirects to the page, the unauthorized()
function is not being executed.但是,当会话保护设置为
strong
并且用户退出应用程序并重定向到页面时, unauthorized()
函数不会被执行。
So why aren't they sent to the login page every new browser instance?那么为什么不将它们发送到每个新浏览器实例的登录页面呢?
In our case, the user still had a remember me cookie that persisted the session.在我们的例子中,用户仍然有一个记住我的 cookie 来持久化会话。 After adding this line
添加此行后
REMEMBER_COOKIE_DURATION = timedelta(minutes=0)
The user is correctly sent to the login page.用户被正确发送到登录页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.