Use session.clear() sign-out.

NOTE: you can not test that the session is cleared out by checking the session cookie does not exist on the index page, because ItsDangerousSession will create a new session when it hits the index page. The unit test confirms that the session has been cleared.
2026-02-05 10:53:28 -05:00 · 2016-02-12 15:06:54 +00:00
parent 8d1cd930ef
commit 035d4152fd
2 changed files with 4 additions and 4 deletions
--- a/app/main/views/sign_out.py
+++ b/app/main/views/sign_out.py
@@ -8,7 +8,6 @@ from app.main import main
@main.route('/sign-out', methods=(['GET']))
@login_required
 def sign_out():
-    if session.get('service_name', None):
-        session.pop('service_name')
+    session.clear()
    logout_user()
    return redirect(url_for('main.index'))
--- a/tests/app/main/views/test_sign_out.py
+++ b/tests/app/main/views/test_sign_out.py
@@ -1,6 +1,4 @@
-from datetime import datetime
 from flask import url_for
-from app.main.dao import users_dao


 def test_render_sign_out_redirects_to_sign_in(app_):
@@ -24,6 +22,8 @@ def test_sign_out_user(app_,
        email = 'valid@example.gov.uk'
        password = 'val1dPassw0rd!'
        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                print('session: {}'.format(session))
            client.login(api_user_active)
            # Check we are logged in
            response = client.get(
@@ -33,3 +33,4 @@ def test_sign_out_user(app_,
            assert response.status_code == 302
            assert response.location == url_for(
                'main.index', _external=True)
+            assert session.get('ItsdangerousSession') is None