flask-login: Chrome ignoring cookie expiration?
REMEMBER_COOKIE_DURATION
is used for "Remember me" functionality, that is, how long to remember logged in user even if he closed the browser. The separate cookie is used for that, the name of which can be set by REMEMBER_COOKIE_NAME
(remember_token
by default). To force login session to expire after some time (even if the browser is still kept running), set PERMANENT_SESSION_LIFETIME
somewhere where you keep your app settings:
PERMANENT_SESSION_LIFETIME = datetime.timedelta(minutes=30)
And in your login view set session.permanent = True
:
from flask import session@app.route('/login')def login(): # ... if login_user(user): session.permanent = True return redirect(request.args.get('next') or url_for('index')) # ...