search

mbr / flask-kvsession

A drop-in replacement for Flask's session handling using server-side sessions.
http://pythonhosted.org/Flask-KVSession/
MIT License
168 stars 53 forks source link

Issues with destroying the session manually #13

Closed shintonik closed 10 years ago

shintonik commented 11 years ago

Hi,

destroying the Flask session calling session.destroy works fine. Due to the fact that the session id also used by another app I would like to destroy the session cookie and the stored session id as well when the logout view is called.

Is there a way to do that? Removing the session id manually from the store in the logout view results in a new generated session (including session id and cookie).

Thanks in advance.

mbr commented 10 years ago

First, an apology for the long time it took me to respond to this issue. It seems to have fallen between the cracks of my inbox.

Second, this is not possible currently, at first glance it seems like not a big deal, but I can see a reasoning that this leaves traces of session information on the client.

Unfortunately, I cannot fix this quickly right now, but will get back to it.

mbr commented 10 years ago

I've given this a look and written a test that checks for the defect, unfortunately, I was not able to reproduce it in the current version. I hope the test covers what has been bothering, so at least I'll catch regressions.