mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0
1.37k stars 229 forks

logged_in field in credentials is not used to force authentication #158

Closed agomezh closed 1 month ago

agomezh commented 1 month ago

When a user with a valid cookie reloads the page, it does not matter if the field 'logged_in' in the database (i.e. config) is set to False.

Namely, the admin should be able to logout a user, and force a new login the next time the user comes into the website by modifying the config file of the user.

I think in this case before executing the login, the authenticator should check if the login is valid:

```python
if not st.session_state['authentication_status']:
    token = self.cookie_handler.get_cookie()
    if token:
        self.authentication_handler.execute_login(token=token)
```

In the `if token:` branch there should be an extra check that the username in the database is logged in.

Still learning here :).

mkhorasani commented 1 month ago

Hi @agomezh, thank you for reaching out. Apologies for the confusion, but the logged_in field in the config file does not determine whether the user is logged in/out, but is merely a stat to measure the number of concurrently logged-in users. As you may have noticed, there is a max_concurrent_users argument in the login widget that uses this stat to limit the number of users logged in at the same time.
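As an added illustration of the two points made in this thread (it is not code from Streamlit-Authenticator and does not use its API): a cookie is a bearer credential, so once a valid, unexpired cookie is presented nothing in the cookie itself can tell the server that an admin has since revoked the session; only a server-side check against the user record can. The example below models that with a hypothetical `force_relogin` flag that is consulted before a cookie restores a session, and keeps `logged_in` as what the maintainer describes: a per-user stat that is only summed to enforce `max_concurrent_users`. The secret, config contents, token format and all function names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real deployment loads a random secret from config.
SECRET = b"constructed-demo-secret"

# Constructed config in the shape the thread describes. "logged_in" is only a
# concurrency stat (per the maintainer); "force_relogin" is a hypothetical flag
# added here to model an admin revoking a session from the config file.
CONFIG = {
    "credentials": {
        "usernames": {
            "alice": {"logged_in": True, "force_relogin": False},
            "bob": {"logged_in": True, "force_relogin": True},
            "carol": {"logged_in": False, "force_relogin": False},
        }
    },
    "max_concurrent_users": 2,
}


def issue_token(username, exp):
    """Build a signed cookie value: base64(JSON payload) '.' HMAC-SHA256 hex."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"username": username, "exp": exp}).encode()
    ).decode()
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token, now):
    """Return the username if the signature is genuine and the token is unexpired, else None."""
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    data = json.loads(base64.urlsafe_b64decode(payload))
    if data["exp"] < now:
        return None
    return data["username"]


def concurrent_users(config):
    """The stat the maintainer describes: how many users are currently marked logged_in."""
    return sum(1 for u in config["credentials"]["usernames"].values() if u.get("logged_in"))


def restore_session(token, config, now):
    """Decide whether a presented cookie may restore a session.

    A valid signature is necessary but not sufficient: the server-side user
    record is consulted so that an admin-set revocation flag wins over the cookie.
    """
    username = verify_token(token, now)
    if username is None:
        return (False, "invalid or expired cookie")
    user = config["credentials"]["usernames"].get(username)
    if user is None:
        return (False, "unknown user")
    if user.get("force_relogin"):
        # Hypothetical admin-side revocation: cookie is genuine but no longer honoured.
        return (False, "session revoked by admin")
    if not user.get("logged_in") and concurrent_users(config) >= config["max_concurrent_users"]:
        # Concurrency limit enforced from the logged_in stat, as the maintainer explains.
        return (False, "max concurrent users reached")
    user["logged_in"] = True
    return (True, username)
```

The revocation check has to run on every cookie-based restore, not only at password login, because the cookie is exactly the path that bypasses the password prompt.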

agomezh commented 1 month ago

Thank you for the clarification!