Commit

app: session expiration - redirect to index when session expires
Previous logic when sessions expire on /generate:
1. On /generate page, codename is added to the session.
2. When expiration occurs, session is cleared.
3. A flashed message indicating that the session has expired
would be added to the current session (this is done via passing
`_flashes` on the session object [0]).
4. Execution enters the view function associated with `/create`.
But `/create` expects codename to be in the session (which was
cleared in step 2), thus a KeyError will occur.

Logic now when sessions expire on /generate:
1. On /generate page, codename is added to the session
2. When expiration occurs, session is cleared and user is redirected to the index.

[0] https://github.com/pallets/flask/blob/cd4023d9d2ab630ce4f95856f065072ef8badb2b/flask/helpers.py#L449
redshiftzero authored and kushaldas committed Sep 25, 2019
1 parent 55cd2e4 commit a559e23
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions securedrop/source_app/__init__.py
Expand Up @@ -145,7 +145,9 @@ def setup_g():
# clear the session after we render the message so it's localized
session.clear()

# Redirect to index with flashed message
flash(Markup(msg), "important")
return redirect(url_for('main.index'))

session['expires'] = datetime.utcnow() + \
timedelta(minutes=getattr(config,
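
Review bot: No regression test accompanies the new `return redirect(url_for('main.index'))` in `setup_g()`; the commit touches only `securedrop/source_app/__init__.py`, so the KeyError path described in the commit message (session expiring between `/generate` and `/create`) is not exercised anywhere. Suggest a test that puts `session['expires']` in the past, requests `/create`, and asserts a redirect to `main.index` with the "important" flash present and no exception. It would also help to extend the comment above `flash(Markup(msg), "important")` to say that the flash must stay after `session.clear()`, since the flashed message is stored in the session and would be wiped if the two calls were ever reordered.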