
I am developing a small web application. I am using the https://pythonhosted.org/Flask-OAuth library for social authentication from Google, along with Flask-Login. I have successfully set up the authorization callback and authorized the user. I am able to successfully log in the user as well using login_user(user, remember=True).

This creates a cookie named remember_token with an expiration of 365 days. However, the problem occurs when I close the browser (Firefox, Chrome) and then reopen my application.

Using Tools->Privacy->Remove Individual Cookies in Firefox, I can see the remember_token cookie. However, when I navigate to the index page /, I have set up this function:

@main.route('/', methods=['GET', 'POST'])
def index():
    if current_user.is_authenticated:
        print_debug('User is authenticated in /')
        return redirect(url_for('.home'))
    else:
        return render_template('index.html')

@main.route('/home', methods=['GET', 'POST'])
@login_required
def home():
    do_something()

Navigating to / prints the debug information and a successful redirect to /home occurs. However, this redirect is intercepted by @login_required and I am redirected to /google-login?next=%2Fhome asking me to log in again. The remember_token is also deleted at this stage. I confirmed it by checking in Firefox.

I can't understand why the remember function is not working properly, or why the remember_token is being deleted. I don't do anything in between. Stepwise:

  • I initially log in. Until the browser is closed, everything works fine. All @login_requireds work.
  • When I close the browser and reopen it, until I open my webapp on localhost:5000 there remains a cookie named remember_token.
  • As soon as I open it, the first current_user.is_authenticated on / returns True and from this point onward, every @login_required asks for re-login.

I am using Flask-SQLAlchemy and MySQL for the database. My user model is

class User(UserMixin, db.Model):
    __tablename__ = 'users'
    id = db.Column(db.Integer, primary_key=True)
    password_hash = db.Column(db.String(128))
    username = db.Column(db.String(128), unique=True, index=True)

My User Loader

@login_manager.user_loader
def load_user(user_id):
    print_debug("User loader called with id %s" % user_id)
    return User.query.get(int(user_id))

Any help would be really appreciated.

Thanks!

  • Which version of `flask-login` are you using and could you show your user loader function? – Wombatz Jun 25 '16 at 09:55
  • So you have two ways of logging in: database and OAuth? If yes does the behavior differ for the two login methods? – Wombatz Jun 26 '16 at 12:13
  • No. I only use OAuth. As of now, I am not using the password_hash field of the table. I just included it for implementing my own login in the future. –  Jun 27 '16 at 14:47

0 Answers