| 393 | |
| 394 | |
def test_session_secret_key_fallbacks(app, client) -> None:
    """Check that session cookies survive a secret-key rotation.

    A cookie written while ``"0 key"`` is the active secret must be
    rejected when that key is in neither ``secret_key`` nor
    ``SECRET_KEY_FALLBACKS``, and must load again once the key is listed
    as a fallback behind a new active secret.
    """

    @app.post("/")
    def set_session() -> str:
        # Writing to the session makes the response carry a signed cookie.
        flask.session["a"] = 1
        return ""

    @app.get("/")
    def get_session() -> dict[str, t.Any]:
        # Echo whatever the server could load from the presented cookie.
        return dict(flask.session)

    # Phase 1: the active key is "0 key"; two older keys are configured
    # as fallbacks that are on their way out.
    app.secret_key = "0 key"
    app.config["SECRET_KEY_FALLBACKS"] = ["-1 key", "-2 key"]
    client.post()
    stored = client.get()
    assert stored.json == {"a": 1}

    # Phase 2: swap in an unrelated active key while the fallbacks stay
    # as they were. "0 key" is now unknown to the app, so the cookie is
    # not loaded and the session is presented as empty, not as an error.
    app.secret_key = "? key"
    rejected = client.get()
    assert rejected.json == {}

    # Phase 3: a proper rotation. "+1 key" becomes the active key and
    # "0 key" moves to the front of the fallbacks, so the cookie from
    # phase 1 loads again.
    app.secret_key = "+1 key"
    app.config["SECRET_KEY_FALLBACKS"] = ["0 key", "-1 key"]
    restored = client.get()
    assert restored.json == {"a": 1}
| 421 | |
| 422 | |
| 423 | def test_session_expiration(app, client): |