To logout a user in flask using Flask-login, i simply call logout_user(), but after adding some additional checks with session, after I click logout and click back to "login page" again, i'm still logged in. It happens only when I choose to "remember me"
I think I misunderstand the concept of session and logout_user() here, can anyone please clarify and help?
In my opinion, i think when I clear the session then everything inside including 'user_id', 'username' etc... will also be cleared. But somehow the 'user_id' or 'username' field still exists. I think that's what causes the problem.
My Code is below:
Logout part:
@mod.route('/logout/')
@login_required
def logout():logout_user()session.clear()return redirect(url_for('users.login'))
Login Part:
@mod.route('/login/', methods=['GET', 'POST'])
def login():if g.user is not None and g.user.is_authenticated():return redirect(url_for('users.home'))form = LoginForm(request.form)if form.validate_on_submit():user = User.query.filter_by(email=form.email.data).first()if user and check_password_hash(user.password, form.password.data):session['user_id'] = user.idsession['username'] = user.nicknamesession['remember_me'] = form.remember_me.dataremember_me = Falseif 'remember_me' in session:remember_me = session['remember_me']session.pop('remember_me', None)login_user(user, remember_me)return redirect(url_for('users.home'))return render_template("users/login.html", form=form)