Flask-Middleware / flask-security

Quick and simple security for Flask applications
MIT License

How to find and list within Flask app all "active" or "authenticated" users? #953

Closed hextrim closed 3 months ago

hextrim commented 3 months ago

Hi There,

Not sure if this should be a discussion or feature request, rather than an issue.

I am writing a portion of a Flask app where I would like to list all users that are currently "active" or "authenticated", that is, users who have a currently active session.

I am slowly digging into the depths of this module to understand how user login and sessions are handled, but from the database perspective .is_active or .is_authenticated always returns True.

I am wondering whether such an event, when a user is active, is even stored in the db to be queried?

If such a feature is not part of the framework, maybe this could be a "feature" request; otherwise, if anyone has a potentially viable solution to share on how I could implement such logic, I would appreciate any comments.

Regards, Wojtek

jwag956 commented 3 months ago

Quick, not-complete answer. 'active' is an administrative flag - Flask-Security sets that as 'true' upon registration. On authentication request - it checks if 'active' is True - if not - denies authentication. How that flag is changed is up to your application.

is_authenticated is complex since it isn't really an entry in the DB.

Sessions are handled by Flask - figuring out whether a specific user is 'logged in' is tricky. The default implementation of session uses client-side cookies - so there is no state on your server - so nothing to query. You might look into Flask-Session which provides server-side sessions - something to query on.

Flask-Security does provide signals that your application can use to sort of track authentication and logout events.
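The signal-based tracking mentioned in the answer above, as an added example that is not part of the original thread or the project's code: it approximates "currently logged in" as authenticated, not logged out, and seen within an idle timeout. `PresenceTracker`, `connect` and the 900-second timeout are hypothetical; it assumes Flask-Security's `user_authenticated` and `user_unauthenticated` signals and a user model with an `id` attribute.

```python
import threading
import time


class PresenceTracker:
    # Cookie sessions leave no server-side state, so "logged in" is approximated:
    # authenticated, not logged out, and seen within idle_timeout seconds.
    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self._clock = clock
        self._last_seen = {}  # user id -> time of last activity
        self._lock = threading.Lock()

    def on_login(self, sender, user, **extra):
        # Signature fits a blinker signal sent as (app, user=..., ...).
        self.touch(user.id)

    def on_logout(self, sender, user, **extra):
        with self._lock:
            self._last_seen.pop(user.id, None)

    def touch(self, user_id):
        with self._lock:
            self._last_seen[user_id] = self._clock()

    def active_user_ids(self):
        cutoff = self._clock() - self.idle_timeout
        with self._lock:
            # Drop users idle past the timeout (no logout event was ever seen).
            self._last_seen = {
                u: t for u, t in self._last_seen.items() if t >= cutoff
            }
            return sorted(self._last_seen)


def connect(app, tracker):
    # Imports are deferred so the tracker can be used and tested on its own.
    from flask_security import current_user
    from flask_security.signals import user_authenticated, user_unauthenticated

    user_authenticated.connect(tracker.on_login, app)
    user_unauthenticated.connect(tracker.on_logout, app)

    @app.before_request
    def mark_seen():
        # Refresh last-seen on every authenticated request.
        if current_user.is_authenticated:
            tracker.touch(current_user.id)
```

The dictionary lives in one process, so a deployment with several workers needs a shared store to get a complete list. The result is a presence estimate for display or monitoring, not an authoritative session list.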