def test_session_ttl(app): """Test actual/working session expiration/TTL settings.""" ttl_seconds = 1 # Set ttl to "0 days, 1 seconds" ttl_delta = datetime.timedelta(0, ttl_seconds) ext = InvenioAccounts(app) app.register_blueprint(blueprint) assert ext.sessionstore.ttl_support # _THIS_ is what flask_kvsession uses to determine default ttl # sets default ttl to `ttl_seconds` seconds app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta assert app.permanent_session_lifetime.total_seconds() == ttl_seconds user = testutils.create_test_user() with app.test_client() as client: testutils.login_user_via_view(client, user=user) assert len(testutils.get_kvsession_keys()) == 1 sid = testutils.unserialize_session(flask.session.sid_s) testutils.let_session_expire() assert sid.has_expired(ttl_delta) assert not testutils.client_authenticated(client) # Expired sessions are automagically removed from the sessionstore # Although not _instantly_. while len(testutils.get_kvsession_keys()) > 0: pass assert len(testutils.get_kvsession_keys()) == 0
def test_repeated_login_session_expiration(app): """Test that a new session (with a different sid_s) is created when logging in again after a previous session has expired.""" InvenioAccounts(app) app.register_blueprint(blueprint) ttl_seconds = 1 ttl_delta = datetime.timedelta(0, ttl_seconds) app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta user = testutils.create_test_user() with app.test_client() as client: testutils.login_user_via_view(client, user=user) first_sid_s = flask.session.sid_s testutils.let_session_expire() assert not testutils.client_authenticated(client) app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(0, 10000) testutils.login_user_via_view(client, user=user) second_sid_s = flask.session.sid_s assert not first_sid_s == second_sid_s