You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a result of moving to parent-domain cookies in #19, Flask-Lastuser now recognises a new user, but does not run the app's usual post-login process. This means if the app has custom code to sync userdata with Lastuser, this code is never called, unless the user explicitly logs in while within the app.
Since we've also moved to permanent cookies as of eb4f7dc in Apr 2014, sync-at-login has been broken for some time.
Flask-Lastuser should instead add an additional flag to the session cookie (not Lastuser cookie) with the login time, tagged lastuser_session_since (or shorter). This value is updated under three conditions:
The user has just explicitly logged in (set current timestamp)
The user has just explicitly logged out (remove key)
In before_request, if the timestamp was > 30 minutes ago. In this case, we also explicitly call the app's auth handler view and let it perform the usual sync. This ensures sync happens at least once every half hour.
Caveat: Sync can be expensive. Since it will also run for every user who returns after a while, it will affect first page load time. Perhaps the flag should be on the User model instead (perhaps using updated_at), so that if the User record appears to have been updated recently (because of a background push notification), no new update is necessary. (OTOH, if there has been no change recently, updated_at will be outdated anyway, so there will be the exact same sync delay with both approaches.)
The text was updated successfully, but these errors were encountered:
As a result of moving to parent-domain cookies in #19, Flask-Lastuser now recognises a new user, but does not run the app's usual post-login process. This means if the app has custom code to sync userdata with Lastuser, this code is never called, unless the user explicitly logs in while within the app.
Since we've also moved to permanent cookies as of eb4f7dc in Apr 2014, sync-at-login has been broken for some time.
Flask-Lastuser should instead add an additional flag to the session cookie (not Lastuser cookie) with the login time, tagged
lastuser_session_since(or shorter). This value is updated under three conditions:before_request, if the timestamp was > 30 minutes ago. In this case, we also explicitly call the app's auth handler view and let it perform the usual sync. This ensures sync happens at least once every half hour.Caveat: Sync can be expensive. Since it will also run for every user who returns after a while, it will affect first page load time. Perhaps the flag should be on the User model instead (perhaps using
updated_at), so that if the User record appears to have been updated recently (because of a background push notification), no new update is necessary. (OTOH, if there has been no change recently,updated_atwill be outdated anyway, so there will be the exact same sync delay with both approaches.)The text was updated successfully, but these errors were encountered: