Flask-Principal, Flask-Login, remember_me and identity_loaded
On before_request, flask-principal
runs the identity_loaders one at a time until any identity is found.If it doesn't find any identity, identity_loaded
won't be called.
The first identity_loader is always the session loader by default.
When you restart the browser, the session will be gone, so flask-principal
can't load any identity thus your identity_loaded
callback won't be called. But you're still logged in because flask-login
's cookie 'remember_token' expires in 31 days.
So, to get rid of this idiosyncrasy, you can add new identity_loader
, which will only run when session expires.
principal = Principal(app)@principal.identity_loaderdef load_identity_when_session_expires(): if hasattr(current_user, 'id'): return Identity(current_user.id)