python - Android Chrome doesn't forget user even after Flask logout_user when using remember cookie - Stack Overflow


I can't get Chrome on Android to let me log out a user.

I'm using Flask, with flask_login's user sessions. I use login_user(remember=True) in order to remember the logins even if the browser is closed and opened again afterwards. Then I use logout_user for logging out.

I've tried each and every option I've come across. Among them:

```python
# session cookie configuration
app.config["REMEMBER_COOKIE_DOMAIN"] = "mysite"  # also .mysite
app.config["REMEMBER_COOKIE_SECURE"] = True
app.config["SESSION_COOKIE_SECURE"] = True
app.config["REMEMBER_COOKIE_SAMESITE"] = "Lax"  # also "None"
app.config["REMEMBER_COOKIE_PATH"] = "/"  # which is the default but anyways
app.config["SESSION_COOKIE_PATH"] = "/"

# trying to clear sessions on logout
session.clear()
session["_remember"] = "clear"
logout_user()

# ... trying to manage cookies manually by making a request (neither deleting nor expiring)
response.set_cookie("remember_token", "", expires=datetime.utcnow() - timedelta(days=1), domain=".mysite")  # URL taken straight from the browser inspector
response.delete_cookie("remember_token", domain="mysite")

# ...
```

At the beginning, Android's Chrome wouldn't even remember the user, because it wouldn't accept the cookie. Then I got Chrome to remember the cookie (not even sure how, at this point, but maybe it was those COOKIE_SECURE things).

Currently, every variant that I tried logs the user out (and it stays logged out even on page refresh). But then, if I quit the app and open it again (either by sliding it or even force quitting it from Android's configuration), it first loads the page as if the user wasn't logged in, AND THEN if I reload the page, the user magically pops back into existence as if it had logged in again.

Checking the cookies on the inspector, the cookies always seem deleted when I log the user out (they stop appearing on the cookie list), but then when I quit and restart the app, they respawn again.

Needless to say, browsers on my laptop make it work perfectly fine with almost any of the variants I've tried.

I'm on the verge of becoming a crazy man. Does anyone know what the hell is going on and how to keep users logged out after they've logged out? Thanks a lot!
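
One check that can be run against the `Set-Cookie` headers of the login and logout responses, as an added example that is not part of the original question: a browser only drops a stored cookie when the expiring `Set-Cookie` carries the same name, domain and path. The header values below are constructed, and treating a cookie without a `Domain` attribute as distinct from one with it is a conservative assumption of this sketch.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0], attrs

def identity(header):
    """Browsers key a stored cookie on name, domain and path."""
    name, attrs = parse_set_cookie(header)
    # A leading dot in Domain is ignored; no Domain attribute means host-only,
    # which this example treats as a different cookie (assumption, conservative).
    domain = attrs.get("domain", "").lstrip(".").lower() or None
    return name, domain, attrs.get("path")

def is_expiring(attrs, now):
    """Max-Age wins over Expires when both are present (RFC 6265)."""
    if "max-age" in attrs:
        return int(attrs["max-age"]) <= 0
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) <= now
    return False

def check_logout(login_header, logout_headers, now=None):
    """Return 'ok' or why the logout response would leave the login cookie in place."""
    now = now or datetime.now(timezone.utc)
    target = identity(login_header)
    candidates = [h for h in logout_headers if identity(h)[0] == target[0]]
    if not candidates:
        return "no Set-Cookie for this name"
    for header in candidates:
        if identity(header) == target:
            expired = is_expiring(parse_set_cookie(header)[1], now)
            return "ok" if expired else "same cookie, but not expired"
    return "domain or path differs from the cookie set at login"

# Constructed sample headers (not captured from the asker's site).
LOGIN = "remember_token=constructed; Domain=mysite; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=31536000"
LOGOUT_DOT = "remember_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Domain=.mysite; Path=/"
LOGOUT_HOST_ONLY = "remember_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/"
LOGOUT_NOT_EXPIRED = "remember_token=; Domain=mysite; Path=/"

if __name__ == "__main__":
    for sample in (LOGOUT_DOT, LOGOUT_HOST_ONLY, LOGOUT_NOT_EXPIRED):
        print(check_logout(LOGIN, [sample]))
```

A result other than `ok` means the logout response does not target the cookie that login stored; `ok` only rules that mismatch out and says nothing about what the browser restores later.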
