Session update after generate CSRF token

wtforms / flask-wtf

Simple integration of Flask and WTForms, including CSRF, file upload and Recaptcha integration.

https://flask-wtf.readthedocs.io

BSD 3-Clause "New" or "Revised" License

1.46k stars 310 forks source link

Session update after generate CSRF token #560

Closed idoshr closed 1 year ago

idoshr commented 1 year ago

flask required session.modified =True for validate session is updated after generate CSRF token

Checklist:

[x] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change.
[x] Add or update relevant docs, in the docs folder and in code.
[x] Add an entry in docs/changes.rst summarizing the change and linking to the issue. Add .. versionchanged:: entries in any relevant code docs.

davidism commented 1 year ago

This is already set automatically by the line above.

idoshr commented 1 year ago

I'm strongly disagree as you can see here in flask code that it should be there is poor implementation in flask-session that save the session again and again on each and every request what can lead to performance issue that I open PR for fix that

I ask you to consider it again!!

davidism commented 1 year ago

I don't get what you mean. The line session[field_name] = ... automatically sets session.modified, there is no reason to set it manually. It sounds like you're experiencing an issue, but you've misidentified the cause. Please create an issue first, and be sure to provide a minimal reproducible example to demonstrate exactly what is wrong.