Is there an easy way to make sessions timeout in flask?

Question

I'm building a website with flask where users have accounts and are able to login. I'm using flask-principal for the loging in part and the role management. Is there a way of making the user's session expire after say 5 minutes or 10 minutes? I was not able to find that in flask documentation or, flask-principal's documentation.

I thought of a way of doing it by hand, set a variable server-side with a time tag at the moment of login and at the next action the user takes, the server verifies the time-delta on that timestamp and deletes the session.

Answer 1

flask sessions expire once you close the browser unless you have a permanent session. You can possibly try the following:

from datetime import timedelta from flask import session, app  @app.before_request def make_session_permanent():     session.permanent = True     app.permanent_session_lifetime = timedelta(minutes=5) 

By default in Flask, permanent_session_lifetime is set to 31 days.

Answer 2

Yes, We should set

session.permanent = True app.permanent_session_lifetime = timedelta(minutes=5) 

But I don't think it should be set at app.before_request, This will lead to set them too may times.

The permanent_session_lifetime is a Basics Configuration, so it should be set at you configure the app:

 from datetime import timedelta  app = Flask(__name__)  app.config['SECRET_KEY'] = 'xxxxxxxxx'  app.config['PERMANENT_SESSION_LIFETIME'] =  timedelta(minutes=5) 

The session will created for each client, seperated from other clients. So, I think the best place to set session.permanent is when you login():

@app.route('/login', methods=['GET', 'POST']) def login():     #After Verify the validity of username and password     session.permanent = True