From 0754f68295ad72852464cbeb608d579046c910c9 Mon Sep 17 00:00:00 2001
From: Arcane-Ryn <157906738+Arcane-Ryn@users.noreply.github.com>
Date: Sat, 10 Aug 2024 15:26:45 -0700
Subject: [PATCH] fixed cookie refresh bug Issue #824. Before, if a user was logged in with the login_user function when the remember parameter was set to false, their cookies would still be refreshed if the "REMEMBER_COOKIE_REFRESH_EACH_REQUEST" configuration option was set to true. This happens because if the login_user function has the remember parameter be false, it doesn't assign session["_rememeber"] any value. When session["_rememeber"] doesn't have any value and the "REMEMBER_COOKIE_REFRESH_EACH_REQUEST" configuration option is set to true, the _update_remember_cookie function sets the session["_rememeber"] value to "set". This fix makes it so if the login_user function is given false for the remember parameter, instead of leaving session["_remember"] empty, it sets the value to "unset".
---
 src/flask_login/login_manager.py | 2 ++
 src/flask_login/utils.py | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/src/flask_login/login_manager.py b/src/flask_login/login_manager.py
index 795e7441..e569ff48 100644
--- a/src/flask_login/login_manager.py
+++ b/src/flask_login/login_manager.py
@@ -402,6 +402,8 @@ def _update_remember_cookie(self, response):
 self._set_cookie(response)
 elif operation == "clear":
 self._clear_cookie(response)
+ elif operation == "unset":
+ session["_remember"] = "unset"
 return response
diff --git a/src/flask_login/utils.py b/src/flask_login/utils.py
index 57d49f60..3fd4d2fa 100644
--- a/src/flask_login/utils.py
+++ b/src/flask_login/utils.py
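Review bot: In `_update_remember_cookie` (src/flask_login/login_manager.py), the new `"unset"` branch writes `session["_remember"]` back on every response, which suggests `operation` was removed from the session earlier in the function, outside this hunk. For a login with `remember=False` that marks the session as modified on each request, and with a cookie-backed session the session cookie is re-issued every time. Reading the value without removing it when it is `"unset"` would avoid the rewrite; failing that, the branch deserves a comment such as `# keep the marker so REMEMBER_COOKIE_REFRESH_EACH_REQUEST does not turn a remember=False login into "set"`. The literal `"unset"` is also repeated in `login_user` in utils.py, so a shared module-level constant would keep the two in step. It is worth confirming that the logout path, not shown here, replaces or removes the marker.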
@@ -198,6 +198,8 @@ def login_user(user, remember=False, duration=None, force=False, fresh=True):
 raise Exception(
 f"duration must be a datetime.timedelta, instead got: {duration}"
 ) from e
+ else:
+ session["_remember"] = "unset"
 current_app.login_manager._update_request_context_with_user(user)
 user_logged_in.send(current_app._get_current_object(), user=_get_user())
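Review bot: Nothing in this patch tests the `remember=False` path of `login_user`; the diffstat lists only `login_manager.py` and `utils.py`. A regression test that enables `REMEMBER_COOKIE_REFRESH_EACH_REQUEST`, logs in with `remember=False`, makes a second request and asserts that neither response sets the remember cookie would pin the fix. The added `else:` presumably pairs with the `remember` check above the hunk; indentation is not visible on this page, and if it attached to the `try`/`except` around the `raise` instead, it would overwrite `"set"` whenever the duration is valid. Separately, `"unset"` leaves any remember cookie from an earlier `remember=True` login untouched in the browser, so consider whether this path should request `"clear"` when such a cookie is present.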