
session is randomly getting cleared

Open green3g opened this issue 7 years ago • 3 comments

I'm running flask-session with flask-login with the following versions:

  • Flask 0.12.2
  • Flask-Login 0.4.0
  • Flask-Session 0.3.1
  • Flask-Restless 1.0.0b2.dev0

The user gets authenticated via a user loader function and a few requests work well. But after maybe 3 to 5 page reloads, suddenly the user is logged out and subsequent requests are not authenticated.

In the session file, user_id still exists, but the other session values, like my custom session['server_token'] are getting cleared for some reason. Also, it always happens on an api request afaik to flask-restless. Eventually one request raises a ProcessingException when current_user.is_authenticated is false and then subsequent requests fail.

For config settings I'm using this:

from datetime import timedelta
PERMANENT_SESSION_LIFETIME = timedelta(hours=8)
SESSION_TYPE = 'filesystem'
SESSION_PERMANENT = True
SESSION_KEY_PREFIX = 'gis'
SESSION_COOKIE_HTTPONLY = True
SESSION_USE_SIGNER = True
SESSION_COOKIE_SECURE = True if not DEBUG else False

I'd appreciate any direction someone might have for debugging this.

Sep 15 '17 14:09 green3g

Same problem here. 👎

Jul 17 '18 15:07 rn4n

Solved the problem above using #sessions from Flask.

Jul 23 '18 21:07 rn4n

I think it's a concurrency problem. Solved by switching to Flask's built-in session.

May 07 '22 11:05 dingyaguang117

This is quite old, but if anyone can provide a reproduction it can be checked. I suspect this is a high-concurrency issue with FileSystem. Generally Flask-Session is not designed for high competition concurrency sessions. Open to PRs for such things as locks or watch on backends; they may be best in a different package or somehow be configurable.

Feb 27 '24 06:02 Lxstr
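
Added example, not part of the thread and not Flask-Session's code: a constructed file-per-session store showing how two overlapping requests that each write back the whole session can drop a key such as server_token while user_id survives, and how a version check on save (one form of the lock/watch idea mentioned above) avoids that. FileStore, request and run are hypothetical names, and that this pattern is the cause of the reported logout is an assumption.

```python
import json, os, tempfile

class FileStore:
    """Toy file-per-session store (constructed; not Flask-Session's code)."""
    def __init__(self):
        self.dir = tempfile.mkdtemp()
    def _path(self, sid):
        return os.path.join(self.dir, sid + ".json")

    def load(self, sid):
        with open(self._path(sid)) as f:
            rec = json.load(f)
        return rec["version"], rec["data"]

    def save(self, sid, data, expected=None):
        """Write the whole session; with `expected`, refuse if the stored version
        changed since load. A real backend must make check-and-write atomic."""
        current = self.load(sid)[0] if os.path.exists(self._path(sid)) else 0
        if expected is not None and current != expected:
            return False
        tmp = self._path(sid) + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"version": current + 1, "data": data}, f)
        os.replace(tmp, self._path(sid))  # atomic rename, so no torn reads
        return True

def request(store, sid, mutate, in_flight=lambda: None, checked=False):
    """One request: load the session, run the handler, save the dict back.
    `in_flight` runs between load and save to model an overlapping request."""
    while True:
        version, data = store.load(sid)
        mutate(data)
        in_flight()
        in_flight = lambda: None  # the overlap happens only once
        if store.save(sid, data, expected=version if checked else None):
            return  # saved; a rejected save loops to reload and retry

def run(checked):
    store = FileStore()
    store.save("s1", {"user_id": 7})  # constructed sample session
    set_token = lambda d: d.update(server_token="abc")
    touch = lambda d: d.update(last_seen="api")  # API call, no token logic
    # The token-setting request completes while the API request is in flight.
    overlap = lambda: request(store, "s1", set_token, checked=checked)
    request(store, "s1", touch, in_flight=overlap, checked=checked)
    return store.load("s1")[1]

if __name__ == "__main__":
    print("unchecked:", run(False), "checked:", run(True))
```

With the unchecked save, the API request writes back its stale copy and the token set by the overlapping request disappears; with the version check, the stale save is rejected and retried against the fresh session.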