Support force-logout for active sessions
Right now you can only force-logout a remember-me token by using a custom token. It would be nice if there was a clean way to do this for active sessions, too.
From a quick look at the code this could probably be done by making `get_id` return e.g. a tuple of `userid, token` and the `user_loader` handling this token accordingly (retrieving the user from the DB and checking if the tokens match). However, the documentation is quite clear about the user id having to be `unicode`, and a second look at the code shows that the user id is actually converted to a string at some point: `data = encode_cookie(str(session['user_id']))` (actually, shouldn’t this be `unicode` and not `str`?).
Sure, I could use a custom string representation such as `id:token`, but it feels dirty.
Issue Analytics
- State:
- Created 9 years ago
- Comments:13 (1 by maintainers)
Top GitHub Comments
I find this is needed. In my situation I really need some way to force that user to re-enter the password, because they already reset their password, right? And please support…

We just implemented this on our end. It was pretty hacky with flask-login, requiring hijacking of the `get_id` function to incorporate both a user_id and session_id.
Some better separation of `id` and `session_id` in flask login would have been really helpful, and set me up to have a callback to validate the session id too.
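
The `id:token` approach discussed in the issue and in the comment above, written out as an added example; it is not code from this thread or from Flask-Login. It uses only the standard library, and the names `User`, `USERS`, `session_token`, `force_logout` and `load_user` are hypothetical; in a Flask app `load_user` would be registered with `@login_manager.user_loader`.

```python
import hmac
import secrets

# Constructed in-memory store standing in for the application's user table.
USERS = {}


class User:
    """Minimal user model; a real app would also mix in flask_login.UserMixin."""

    def __init__(self, user_id):
        self.id = user_id
        # Per-user token that is bound into every session this user holds.
        self.session_token = secrets.token_urlsafe(32)
        USERS[str(user_id)] = self

    def get_id(self):
        # Flask-Login stores this string in the session, so the token
        # travels with the user id and is checked again on every request.
        return f"{self.id}:{self.session_token}"

    def force_logout(self):
        # Rotating the token invalidates every session issued before this
        # call, e.g. right after a password reset.
        self.session_token = secrets.token_urlsafe(32)


def load_user(composite_id):
    """user_loader callback: return the user, or None if the session is stale."""
    # rpartition keeps working if the user id itself contains ':';
    # token_urlsafe() output never does.
    user_id, sep, token = str(composite_id).rpartition(":")
    if not sep or not user_id or not token:
        return None  # malformed or legacy id without a token
    user = USERS.get(user_id)
    if user is None:
        return None
    # Constant-time comparison of the presented token with the stored one.
    if not hmac.compare_digest(token.encode(), user.session_token.encode()):
        return None  # token was rotated: treat the session as logged out
    return user
```

Because the token is stored per user, `force_logout()` ends all of that user's sessions at once; ending a single session needs a per-session identifier stored server-side, as the second comment describes.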