30d929f36d
This introduces a new approach to handling user sessions. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time. There was also some janky logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session creation by Flask. Now, when a user visits the site, their initial request is forwarded to a `session/<session id>` endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Sessions are also now (semi)permanent and have a lifetime of 1 year.
34 lines
549 B
Plaintext
34 lines
549 B
Plaintext
attrs==19.3.0
|
|
beautifulsoup4==4.10.0
|
|
cachelib==0.4.1
|
|
certifi==2020.4.5.1
|
|
cffi==1.15.0
|
|
chardet==3.0.4
|
|
click==8.0.3
|
|
cryptography==3.3.2
|
|
Flask==1.1.1
|
|
Flask-Session==0.4.0
|
|
idna==2.9
|
|
itsdangerous==1.1.0
|
|
Jinja2==2.11.3
|
|
MarkupSafe==1.1.1
|
|
more-itertools==8.3.0
|
|
packaging==20.4
|
|
pluggy==0.13.1
|
|
py==1.10.0
|
|
pycodestyle==2.6.0
|
|
pycparser==2.19
|
|
pyOpenSSL==19.1.0
|
|
pyparsing==2.4.7
|
|
PySocks==1.7.1
|
|
pytest==6.2.5
|
|
python-dateutil==2.8.1
|
|
requests==2.25.1
|
|
soupsieve==1.9.5
|
|
stem==1.8.0
|
|
urllib3==1.26.5
|
|
waitress==1.4.3
|
|
wcwidth==0.1.9
|
|
Werkzeug==0.16.0
|
|
python-dotenv==0.16.0
|