I want users to log in with flask-login. How do I clear the "remember_token" in Firefox after logging out (using flask.login)?
Login code:
    def signin(self, email, password):
        user = None
        userLoggedIn = False
        private_key = self.get_private_key(email, password)
        if private_key:
            public_key = self.get_public_key(email, private_key)
            if public_key:
                user = userManager.findUser(email)
                if user:
                    userManager.changeUserPassword(email, password)
                    userManager.changeCloudAccessKeys(email, public_key, private_key)
                else:
                    user = userManager.addUser(email, password, public_key, private_key, True)
                userLoggedIn = True
        if userLoggedIn:
            login_user(user, remember=False)
            userId = user.get_id()
            identity_changed.send(current_app._get_current_object(), identity=Identity(userId))
            return True
        return False
Logout code:
    def signout(self):
        from flask import session
        logout_user()
        session.clear()
        identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
        self.remove_logged_user()
I decorate views with @login_required so that only logged-in users can do things:
    @app.route("/do_things", methods=["GET"])
    @login_required
    def do_things():
        pass
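In Chrome, everything works fine. If the user is not logged in, views decorated with @login_required are not accessible.
But in Firefox, after I log out, I can still "do things". I checked the cookies in Firefox and found that a "remember_token" cookie exists: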
    Response cookie:
        session:1q2w3e4r...
        httponly:true
        path:"/"
    Request cookie:
        remember_token:""[email protected]|8c5873f3748b8f5d18e9bd10cd5e9ee678a9a0a9e0a406fccce982825a7a57f167025341d102ee59cbecbfc20f5dae597ca66e92e5e4926f9aa64c6c244788b1""
        session:1q2w3e4r...
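I found that Firefox saves my user email in remember_token and includes it in the HTTP request. So the views in Flask still think I am logged in.
How can I clear the user information in Firefox after logging out of Flask?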
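
The capture above shows the logout response setting only the session cookie while the request still carries remember_token. As an added example (not code from the original post or from Flask-Login), this standard-library model applies a logout response's Set-Cookie headers to a cookie jar and reports whether remember_token survives; it also covers the path-mismatch case, which the post does not mention. All function names, the jar layout and the sample headers are constructed assumptions, and domain matching and default-path computation are left out.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def is_deletion(morsel, now):
    """True if this Set-Cookie tells the browser to discard the cookie."""
    if morsel["max-age"] != "":
        return int(morsel["max-age"]) <= 0
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) <= now
    return False


def apply_set_cookies(jar, set_cookie_headers, now=None):
    """Return the jar a browser would hold after processing the response.

    jar maps (name, path) -> value. A stored cookie is only overwritten or
    removed by a Set-Cookie with the same name and path; a missing Path is
    treated as "/" in this simplified model.
    """
    now = now or datetime.now(timezone.utc)
    jar = dict(jar)
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            key = (name, morsel["path"] or "/")
            if is_deletion(morsel, now):
                jar.pop(key, None)
            else:
                jar[key] = morsel.value
    return jar


def surviving(jar, name="remember_token"):
    """Paths under which the named cookie is still stored."""
    return sorted(path for (n, path) in jar if n == name)


# Constructed sample data: cookie jar before logout and three logout responses.
JAR = {("session", "/"): "constructed-session",
       ("remember_token", "/"): "user@example.test|constructed-digest"}
SESSION_ONLY = ["session=new-constructed-session; HttpOnly; Path=/"]
CLEARED = SESSION_ONLY + [
    "remember_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/"]
WRONG_PATH = SESSION_ONLY + ["remember_token=; Max-Age=0; Path=/account"]

if __name__ == "__main__":
    for label, headers in [("session only", SESSION_ONLY),
                           ("cleared", CLEARED), ("wrong path", WRONG_PATH)]:
        print(label, "->", surviving(apply_set_cookies(JAR, headers)))
```

Feeding it the Set-Cookie headers captured from a real logout response shows whether the server sent a deletion for remember_token at all, and whether its path matches the one the cookie was stored under.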