I need server-side sessions to expire after a given amount of time, but when using flask-sessions the session expiration is prolonged every time the site is refreshed.
I have set a lifetime on the sessions, but I can see that the expiry is determined on the client side, and that it is prolonged every time I refresh the site:
app.config['PERMANENT_SESSION'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(minutes=1)
I tried setting it to False which gives the same results.
app.config['PERMANENT_SESSION'] = False
app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(minutes=1)
How do I ensure that it is the server that determines whether a session has run out? I don't want the user to be able to set up a script that just keeps a session going infinitely!
I simply ended up adding the session-creation-date to the session store, and then I check the duration between this date and the current date.
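Added example, not part of the original post: one way to implement the creation-date check described above, so that the lifetime is absolute and a refresh cannot extend it. The key name `_created_at`, the helper names `session_is_live` and `install`, and the 401 response are assumptions made for illustration.

```python
# Added example: absolute (non-sliding) session lifetime checked on the server.
from datetime import datetime, timedelta, timezone

CREATED_KEY = "_created_at"      # hypothetical key name inside the session store
MAX_AGE = timedelta(minutes=1)   # same lifetime as in the question


def session_is_live(session, now=None, max_age=MAX_AGE):
    """Return True if the session may continue; clear it and return False if not.

    `session` is any dict-like store (flask.session behaves like one).
    The creation time is written once and never refreshed, so repeated
    requests cannot prolong the session.
    """
    now = now or datetime.now(timezone.utc)
    created = session.get(CREATED_KEY)
    if created is None:
        # First request of this session: stamp it once.
        session[CREATED_KEY] = now.isoformat()
        return True
    try:
        age = now - datetime.fromisoformat(created)
    except (TypeError, ValueError):
        age = None  # missing timezone or unparsable stamp: treat as expired
    if age is None or age < timedelta(0) or age >= max_age:
        session.clear()  # drop all session data, including the stamp
        return False
    return True


def install(app):
    """Wire the check into a Flask app (assumes Flask is installed)."""
    from flask import abort, session

    @app.before_request
    def _enforce_lifetime():
        if not session_is_live(session):
            abort(401)  # or redirect to the login page
```

Because the stamp is compared against the server's clock on every request, the cookie expiry seen by the browser no longer decides when the session ends.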