I am trying to write an app that uses flask.login to prevent user to access pages if they are not logged in. This works fine so far. In additon I want to redirect to the login page if the session of the user ends. At the moment the access is only denied if someone refreshes the page. However if the page is already loaded then the user can still use every component even if his session is expired.
My idea was to use flasks before_request and ask before every request if the user is authenticated or not. If not than it should redirect to the login page. I use the following code:
@app.before_request
def make_session_permanent():
if current_user.is_authenticated is False:
print(current_user.is_authenticated)
return redirect('/login')
I can see the print response when a user is not authenticated. However the return to the login page is somehow ignored. Does anyone have an idea how to automatically redirect to the login page if a session of a user has exspired?
I guess one option could be to use an Interval component to trigger a callback, which checks if the session has expired (e.g. once per minute), and performs a redirect if it is.
to handle the session lifetime. That means everytime a callback is executed the lifetime starts again from 30 min. Only if the user is inactive the session is stopped and the user is logged out. From my understanding that means that I cannot use Interval since it would extend the session lifetime every time if I asked if the user is logged in or not. This would end in an endless loop and the user will always be activate without doing someting. Am I correct with this or does Interval act differently than other callbacks?
I haven’t used that option before, but your logic sound reasonable. However, if you use a clientside callback, it might work as no request will be exchanged with the server.
Hi, the clientside callback could be a good option. The interval is executed without extending the lifetime of the session. With an if else condition I can redirect the user. The problem is that I do not know how to get the current_user.is_athenticated into the callback. Do you know how to do this? I never did anything with javascript so a little help would be very appreciated.