From 0d147ad7f6edb5c740008b8d411e10d8e42f4a78 Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Sun, 27 Jun 2021 18:08:47 -0400 Subject: clear session at logout this feature is not well-documented in flask. --- session_app.py | 9 ++++----- templates/settings.html | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/session_app.py b/session_app.py index 50a52fd..1743b2a 100755 --- a/session_app.py +++ b/session_app.py @@ -15,12 +15,11 @@ # _unauthorized_kerberos meta redirect from https://billstclair.com/html-redirect2.html # preserve POST with code 307 https://stackoverflow.com/a/15480983/3569534 # Improve: -# remove session info, when logging out? # Run: # FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0 # Dependencies: -# apt-get install python3-flask -# pip3 install Flask-kerberos kerberos +# apt-get install python3-flask python3-kerberos +# pip3 install Flask-kerberos from flask import Flask, Response, redirect, url_for, render_template, request, _request_ctx_stack as stack, make_response, session from flask_kerberos import init_kerberos, requires_authentication, _unauthorized, _forbidden, _gssapi_authenticate @@ -335,8 +334,8 @@ def handle_login_ldap_from_non_ldap(request): @app.route("/logout/") def logout(): resp = Response(f'logged out') - # Doing anything with session here leaves a cookie. - #session['user']="" + # not documented but is found on the Internet in a few random places: + session.clear() resp.set_cookie('user','',expires=0) resp.set_cookie('type','',expires=0) resp.set_cookie('session','',expires=0) diff --git a/templates/settings.html b/templates/settings.html index c5f6e68..884ea04 100644 --- a/templates/settings.html +++ b/templates/settings.html @@ -13,5 +13,4 @@ input {

Ldap URI

- -- cgit