Ends the session of the currently logged-in user. Note: we use crypto-based sessions rather than a server-side session store, so this will only direct the client to clear the session cookie. It’s not a reliable way for enforcing a logout, though. No-op in case the user wasn’t logge
()
| 119 | |
| 120 | |
| 121 | def logout(): |
| 122 | """Ends the session of the currently logged-in user. |
| 123 | |
| 124 | Note: we use crypto-based sessions rather than a server-side session store, |
| 125 | so this will only direct the client to clear the session cookie. It’s not a |
| 126 | reliable way for enforcing a logout, though. |
| 127 | |
| 128 | No-op in case the user wasn’t logged in. |
| 129 | """ |
| 130 | if 'username' in flask.session: |
| 131 | logger.info_sensitive('Ended session for user %s', |
| 132 | flask.session['username']) |
| 133 | del flask.session['username'] |
| 134 | |
| 135 | if 'credentials_last_changed' in flask.session: |
| 136 | del flask.session['credentials_last_changed'] |
| 137 | |
| 138 | |
| 139 | def _get_credentials_last_changed(): |
nothing calls this directly
no test coverage detected