问题
I'm using flask-login https://flask-login.readthedocs.io/en/latest for session management. The user first login in (login.html) the application and go to home.html. However, after the user has authenticated and click different links, it will kick out the session and go back to login page. This happens very randomly and I'm not sure what went wrong? It is using apache. It seems okay with localhost but having this issue in apache. Are there specific apache configurations need to pay attention?
Please advise how to fix this issue? Thanks so much!!
class User(UserMixin):
pass
@login_manager.user_loader
def load_user(user_id):
print "load_user...." + user_id
user = User()
user.id = user_id
return user
@app.route("/login", methods=['POST'])
def login():
#login procedure
curr_user = User()
curr_user.id = LOGIN_USERNAME
login_user(curr_user)
return redirect(url_for('home'))
@app.route("/")
@app.route("/home")
@login_required
def home():
return render_template('home.html')
回答1:
The function for route /
does not validate for user's session and just returns the template for login.
Either modify your loading()
function
from flask import url_for
@app.route("/")
def loading():
return redirect(url_for('.home'))
Or do validation whether user is logged in
from flask_login import current_user
@app.route("/")
def loading():
if current_user.is_authenticated:
return render_template('home.html')
else:
return render_template('login.html')
Or
Remove the loading()
funtion and add the /
route to home()
@app.route("/")
@app.route("/home")
@login_required
def home():
return render_template('home.html')
This way when ever the route /
or /home
is requested, flask validates the login (as @login_required
decorator is present). If not logged in, login_view
defined for LoginManager
will be rendered.
lm = LoginManager()
lm.init_app(flask_app)
lm.login_view = '/login'
回答2:
I know this is an old post, but I found this answer which seems to have solved it for me: https://stackoverflow.com/a/57162593/5424359 Basically, you need to make sure you set app.secret_key to some secret key. A simple way to get a key is as follows.
>>>import os
>>>os.urandom(24)
Take that number and set app.secret_key to it. Make sure you don't have the app generating a key every time.
来源:https://stackoverflow.com/questions/41670136/flask-login-invalidates-session-randomly-after-authentication