victims / victims-web

The victims web application.
GNU Affero General Public License v3.0

Possible session fixation #84

Closed trevorjay closed 11 years ago

trevorjay commented 11 years ago

Description of problem:

Session cookies can be used after the accompanying session has been logged out.

How reproducible:

Always.

Steps to Reproduce:

  1. Copy cookie values.
  2. Log out.
  3. Use old cookie values.

Actual results:

Account is logged in.

Expected results:

Account is logged out.

Additional info:

I did not see if the old cookies eventually log out, but I can confirm that the logged in status is not wiped upon logging out.

abn commented 11 years ago

@trevorjay I suspect this was due to remember=True set by default.

abn commented 11 years ago

This fix might not work on production as we require remember=True since victi.ms redirects to *.rhcloud.com

abn commented 11 years ago

Issue #86 has moved to mongo-based session management.

abn commented 11 years ago

flask-login should handle sessions correctly as per https://flask-login.readthedocs.org/en/latest/_modules/flask/ext/login.html#logout_user

This is now considered fixed. If not, reopen.
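The thread contrasts two session designs: a cookie whose contents are verified only by a signature (nothing server-side to revoke, so a copied value keeps working after logout), and a server-side store keyed by an opaque id (logout deletes the record, so the copied value is dead). The following is an added, stand-alone Python example written for this page, not code from victims-web or from flask-login; the `SECRET_KEY` value, the `sign_cookie`/`user_from_signed_cookie` helpers and the `ServerSessionStore` class are all constructed for illustration. It walks the issue's three reproduction steps (copy cookie, log out, replay old cookie) against both designs and returns whether the replayed value is still accepted.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key; a real deployment loads this from configuration.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"


# --- Design 1: client-side signed cookie -------------------------------------
# The cookie carries the identity itself plus an HMAC. The server keeps no
# state, so it has nothing to delete on logout; any copy stays verifiable.
def sign_cookie(user_id: str) -> str:
    payload = f"user={user_id}"
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def user_from_signed_cookie(cookie: str):
    """Return the user id if the MAC verifies, else None (tamper check only)."""
    payload, sep, mac = cookie.rpartition("|")
    if not sep or not payload.startswith("user="):
        return None
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return payload[len("user="):]


# --- Design 2: server-side session store -------------------------------------
# The cookie carries only an opaque random id; identity lives in the store.
# Logout removes the record, so a copied id no longer resolves to a user.
class ServerSessionStore:
    def __init__(self):
        self._sessions = {}  # session id -> record (a dict stands in for mongo)

    def login(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable, never derived from user data
        self._sessions[sid] = {"user": user_id, "created": time.time()}
        return sid

    def user_for(self, sid: str):
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def replay_after_logout():
    """Run the issue's steps 1-3 against both designs.

    Returns (signed_cookie_still_valid, server_session_still_valid).
    """
    # Design 1: step 1 copy, step 2 the browser discards its copy (the server
    # has no state to clear), step 3 the copied value still verifies.
    copied_cookie = sign_cookie("alice")
    signed_still_valid = user_from_signed_cookie(copied_cookie) == "alice"

    # Design 2: step 1 copy the id, step 2 logout deletes the record,
    # step 3 the copied id resolves to nobody.
    store = ServerSessionStore()
    copied_sid = store.login("alice")
    store.logout(copied_sid)
    server_still_valid = store.user_for(copied_sid) is not None

    return signed_still_valid, server_still_valid


if __name__ == "__main__":
    signed, server = replay_after_logout()
    print(f"signed cookie accepted after logout: {signed}")
    print(f"server-side session accepted after logout: {server}")
```

The signed design still rejects forged or edited cookies (the MAC check), which is why it looks secure in isolation; what it cannot do is forget a cookie it already issued. Moving identity into a server-side record, as the thread describes for issue #86, is what gives logout something to revoke. Any separate long-lived "remember me" cookie must be cleared or invalidated on logout by the same reasoning, or it reintroduces the original behaviour.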