search

pallets-eco / flask-session

Server side session extension for Flask
https://flask-session.readthedocs.io
BSD 3-Clause "New" or "Revised" License
501 stars 239 forks source link

session.clear() removes expiry field, causing TypeError #56

Closed grutz closed 6 months ago

grutz commented 7 years ago

Setup: Flask 0.11, SQLAlchemy session interface, python 2.7.x

When using session.clear() to empty a session, say on a logout signal to ensure an empty session record, the expiry field is set to null in the database:

dev=# select session_id,expiry from sessions;
                  session_id                  | expiry
----------------------------------------------+--------
 session:ed53619f-84d7-4985-9383-260aa9817125 |
(1 row)

This causes a TypeError exception on line 516:

    if saved_session and saved_session.expiry <= datetime.utcnow():
        # Delete expired session
        self.db.session.delete(saved_session)
        self.db.session.commit()
        saved_session = None

Work-around solution is to check for saved_session.expiry before comparison:

    if saved_session and (not saved_session.expiry or saved_session.expiry <= datetime.utcnow()):
mcrowson commented 7 years ago

This issue was moved to mcrowson/flask-session#10

fengsp commented 7 years ago

I don't understand why expiry is null here :(

johnnymetz commented 7 years ago

I'm having the same problem.

Tethik commented 7 years ago

Same...

Lxstr commented 6 months ago

This was an issue where clear() was also clearing the _permanent in the session dict. Fixed post 0.7.0rc1