Hi Terry, > > Are you certain it uses the first example which is ‘HTTPBasicAuth’? > > It certainly is. > > > From > > https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py > > I don't spot that authentication method updating a session, unlike > > HTTPDigestAuth, for example. > > I believe that Hamish spotted the problem; it's a cookie issue. When > I cleared browsing data in Chromium, it made me log in again.
What code on the server is setting a cookie? As I said above, I didn't spot HTTPBasicAuth updating a session, though perhaps I'm missing it. Until the use of cookies by the site is better understood, it's hard to reason about the risks of using cookies. :-) -- Cheers, Ralph. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
