I now see the case for a fresh login, like a password change etc. It is provided for by the use of fresh_login_required

    flask_login.login_fresh()

This returns True if the current login is fresh. So in your views protected with login required you can do something like

    if not login_fresh():
        # redirect to your login page with a request to reauthenticate
        return login_manager.needs_refresh()

or (and I am using change-password just as an example; you can use it on any and all views that require a fresh login every time)

    # flask.ext.* imports were removed from Flask; import from flask_login directly
    from flask_login import fresh_login_required

    @app.route("/change-password")
    @fresh_login_required
    def change_password():
        # do stuff here
        pass

If the user is not authenticated, LoginManager.unauthorized() is called as normal. If they are authenticated, but their session is not fresh, it will call LoginManager.needs_refresh() instead. (In that case, you will need to provide a LoginManager.refresh_view, which you can do as below, as per the docs.)

    login_manager.refresh_view = "accounts.reauthenticate"
    login_manager.needs_refresh_message = (
        u"To protect your account, please reauthenticate to access this page."
    )
    login_manager.needs_refresh_message_category = "info"

If what you are looking at is logging someone out after, let's say, 5 minutes of inactivity, for which this question and this question give you a very good answer, you would do it like this

    from datetime import timedelta
    from flask import session

    # set the expiry period for permanent sessions (app is your Flask application object)
    app.permanent_session_lifetime = timedelta(minutes=5)

    # every time a user visits, make the session permanent and modify it
    # so that you know they are still active
    @app.before_request
    def func():
        session.permanent = True
        session.modified = True

You can make the lifetime very small for a start, for testing purposes.