Flask logout if sessions expires if no activity and redirect for login page
I'm very new to flask and trying updating a website with flask where users have accounts and are able to login. I want to make user session expire and logout if there is no activity for more than 10 mins and redirect the user for login page.
I want to update it in @app.before_request and below is my code . How do i update it pls suggest. Check for the login time and check if there is been no activity then logout.
@app.before_request
def look_for_user(user=None):
g.usr = {}
g.api = False
if user:
g.usr = user
if 'user_id' in session:
g.usr = get_user((session['user_id'])) //from db
if not g.usr:
g.usr = {}
if not g.usr:
if request.url_rule:
if request.url_rule.rule not in app.config['LOGIN_NOT_REQUIRED']:
session['postlogin_landing_page'] = request.path
if g.api:
return jsonify(error=True, error_message='Invalid Login/Token')
else:
return redirect(app.config['LOGIN_URL'])
elif 'login_page' in session and request.url_rule:
if request.url_rule.rule not in app.config:
landing_page = session.pop('login_page')
return redirect(landing_page)
Answer
You can use permanent_session_lifetime and the session.modified flag as described in this question.
Note that sessions are not permanent by default, and need to be activated with session.permanent = True, as described in this answer.