On Thu, Jul 20, 2017 at 6:17 PM, Dave Page <dp...@pgadmin.org> wrote:
> On Thu, Jul 20, 2017 at 1:34 PM, Murtuza Zabuawala
> <murtuza.zabuawala@enterprisedb.com> wrote:
>
>> It is based on Flask-Login module but
>> 1) Flask-Login will mark a user as logged out when it detects that an
>> existing session suddenly appears to come from a different originating IP
>> address or a different browser. But it is unfortunate that Flask-Login does
>> not enable this option by default.
>
> That's just a config change though, to use strong protection instead of
> basic.

Yes, we can set it to "strong", but then the user won't be able to use the "Remember me" functionality, as it won't support it with "strong" protection.

>> 2) It does not support it at all if you want to also use the browser's
>> "remember me" functionality.
>
> The *browser's* remember me functionality, or Flask's? AFAIK remember me in
> the browser is just auto-filling of the username/password anyway, which
> will only happen when creating a new session, right?

Browsers.

>> It's just a small wrapper module to overcome the above scenarios. It is not
>> the most necessary thing to include in our project, but it will improve the
>> session security.
>>
>> On Thu, Jul 20, 2017 at 5:52 PM, Dave Page <dp...@pgadmin.org> wrote:
>>
>>> Hi
>>>
>>> On Thu, Jul 20, 2017 at 12:59 PM, Murtuza Zabuawala <
>>> murtuza.zabuaw...@enterprisedb.com> wrote:
>>>
>>>> Hi Dave,
>>>>
>>>> Tested it with PEM7 RestApi testsuite and it is working fine :)
>>>
>>> The docs for this module say it's based on Flask-Login's session protect
>>> mechanism, and was intended to allow session protection in other scenarios.
>>> As we are already using Flask-Login, do we need this?
>>>
>>> See the Session Protection section on
>>> https://flask-login.readthedocs.io/en/latest/.
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EnterpriseDB UK: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
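
The "basic" versus "strong" trade-off discussed in this thread, as a simplified stand-alone model of the rules in the Session Protection section of the Flask-Login documentation. This is an added example, not code from the thread, pgAdmin or Flask-Login; the function names, session keys, addresses and user agents are constructed, and the remember token is kept in the session dict only to keep the model small.

```python
import hashlib

def client_identifier(remote_addr: str, user_agent: str) -> str:
    """Per-client identifier: a hash of the IP address and user agent."""
    return hashlib.sha512(f"{remote_addr}|{user_agent}".encode()).hexdigest()

def login(session: dict, user_id: str, remote_addr: str, user_agent: str,
          remember: bool = False) -> None:
    """Record a fresh login and bind the session to the current client."""
    session.update(user_id=user_id, fresh=True,
                   client_id=client_identifier(remote_addr, user_agent))
    if remember:
        session["remember_token"] = f"token-for-{user_id}"  # constructed placeholder

def protect(session: dict, remote_addr: str, user_agent: str, mode: str) -> str:
    """Apply the documented rules to one request; mode is 'basic' or 'strong'."""
    if session.get("client_id") == client_identifier(remote_addr, user_agent):
        return "ok"
    if mode == "basic" or session.get("permanent"):
        # Identifier mismatch: user stays logged in, but anything that
        # requires a fresh login forces re-authentication.
        session["fresh"] = False
        return "non-fresh"
    # strong mode, non-permanent session: the whole session is deleted,
    # including the remember token, so "remember me" cannot survive.
    session.clear()
    return "logged-out"

def replay_from_new_client(mode: str, remember: bool = True):
    """Log in from one client, then present the same session from another."""
    session = {}
    login(session, "alice", "192.0.2.10", "Mozilla/5.0 (constructed UA 1)", remember)
    outcome = protect(session, "198.51.100.7", "Mozilla/5.0 (constructed UA 2)", mode)
    return outcome, session

if __name__ == "__main__":
    for mode in ("basic", "strong"):
        print(mode, replay_from_new_client(mode))
```

In Flask-Login itself the mode is selected with `login_manager.session_protection = "strong"`.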