search

pallets-eco / flask-session

Server side session extension for Flask
https://flask-session.readthedocs.io
BSD 3-Clause "New" or "Revised" License
501 stars 239 forks source link

session is randomly getting cleared #78

Closed green3g closed 7 months ago

green3g commented 7 years ago

I'm running flask-session with flask-login with the following versions:

The user gets authenticated via a user loader function and a few requests work well. But after maybe 3 to 5 page reloads, suddenly the user is logged out and subsequent requests are not authenticated.

In the session file, user_id still exists, but the other session values, like my custom session['server_token'] are getting cleared for some reason. Also, it always happens on an api request afaik to flask-restless. Eventually one request raises a ProcessingException when current_user.is_authenticated is false and then subsequent requests fail.

For config settings I'm using this:

from datetime import timedelta
PERMANENT_SESSION_LIFETIME = timedelta(hours=8)
SESSION_TYPE = 'filesystem'
SESSION_PERMANENT = True
SESSION_KEY_PREFIX = 'gis'
SESSION_COOKIE_HTTPONLY = True
SESSION_USE_SIGNER = True
SESSION_COOKIE_SECURE = True if not DEBUG else False

I'd appreciate any direction someone might have for debugging this.

rn4n commented 6 years ago

Same problem here. 👎

rn4n commented 6 years ago

Solved the problem above using #sessions from Flask.

dingyaguang117 commented 2 years ago

I think is's a concurrency problem. Sovled by switching to flask's build-in session.

Lxstr commented 7 months ago

This is quite old but if anyone can provide a reproduction it can be checked. I suspect this is high concurrency issues with FileSystem. Generally Flask-Session is not designed for high competition concurrency sessions. Open to PRs for such things as locks or watch on backends, they may be best in a different package or somehow be configurable