Clean server-side session files - Flask-Session using filesystem

smallwat3r picture smallwat3r · Dec 18, 2018 · Viewed 7.8k times · Source

I chose to use a server-side session management with Flask using Flask-Session.

I store the data using filesystem and as expected, these files are stored under a /flask_session folder in my config directory.

Here is how I set this up in my __init__.py

# __init__.py

from flask_session import Session

[...]

app.config['SESSION_TYPE'] = 'filesystem'
app.config['SECRET_KEY'] = config.SECRET_KEY
sess = Session()
sess.init_app(app)

As expected, session files generated & stored under /flask_session

▾ flask_session/
        1695e5cbf9b4edbbbb82a8ef1fad89ae
        192761f7ce8e3cbf3ca11665133b7794
        2029240f6d1128be89ddc32729463129
        ...

Question is: Are these files automatically removed by flask_session after a specific amount of time (ie. as the session stored client-side)? If yes, is it possible to decrease/increase this timing?

Answer

smallwat3r picture smallwat3r · Dec 19, 2018

As Danila Ganchar commented, using PERMANENT_SESSION_LIFETIME allows to control the session expiration time.

Flask-Session use the same builtin config than Flask itself (related to session). From Flask-Session doc:

The following configuration values are builtin configuration values within Flask itself that are related to session. They are all understood by Flask-Session, for example, you should use PERMANENT_SESSION_LIFETIME to control your session lifetime.

Example:

# __init__.py

from flask_session import Session
from datetime import timedelta

app.config['SESSION_PERMANENT'] = True
app.config['SESSION_TYPE'] = 'filesystem'
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(hours=5)

# The maximum number of items the session stores 
# before it starts deleting some, default 500
app.config['SESSION_FILE_THRESHOLD'] = 100  

app.config['SECRET_KEY'] = config.SECRET_KEY
sess = Session()
sess.init_app(app)