make flask_login upgrade backwards compatible

flask_login moves from `user_id` to `_user_id`. unfortunately, this
isn't backwards compatible as if an old cookie only has the old
`user_id`, then flask_login won't find `_user_id` so will mark the user
as unauthenticated.

this code will manually migrate the three flask login cookie variables,
before the flask_login code runs, so that it doesn't freak out
This commit is contained in:
Leo Hemsted
2020-03-11 12:12:15 +00:00
parent 85f159a25f
commit 4808509139

View File

@@ -527,6 +527,12 @@ def make_session_permanent():
when you first log in/sign up/get invited/etc, but we do it just to be safe. For more reading, check here:
https://stackoverflow.com/questions/34118093/flask-permanent-session-where-to-define-them
"""
# TODO: Remove this loop after a weekend, when all cookies have either run through this code or expired
for val in ['user_id', 'remember', 'remember_seconds']:
if val in session:
session[f'_{val}'] = session[val]
session.permanent = True