rework session handling

app/__init__.py

@@ -1,4 +1,4 @@
-from flask import Flask, session, request, render_template
+from flask import Flask, session, request, render_template, redirect, url_for
 from dotenv import load_dotenv
 from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads, Sessions
 from .auth import digest, is_logged_in, get_active_user
@@ -230,9 +230,13 @@ def create_app():
     app.config['SESSION_COOKIE_SECURE'] = True
 
     @app.before_request
-    def make_session_permanent():
+    def revoke_session():
         if is_logged_in():
-            session.permanent = True
+            sess = Sessions.find({'key': session['pyrom_session_key']})
+            if int(time.time()) > int(sess.expires_at):
+                sess.delete()
+                session.clear()
+                return redirect(url_for('topics.all_topics'))
 
     commit = ''
     with open('.git/refs/heads/main') as f:

app/routes/users.py

@@ -13,12 +13,15 @@ def log_in_page():
 def log_in_post():
     user = Users.find({'username': request.form['username']})
     if not user:
-        return "no user"
+        return 'no user'
     if not verify(user.password_hash, request.form['password']):
-        return "no"
+        return 'no'
 
     sess = create_session(user.id)
     session['pyrom_session_key'] = sess.key
+    session['remember'] = request.form.get('remember') == 'on'
+    if session['remember']:
+        session.permanent = True
     return redirect(request.form['return_to'])
 
 @bp.get('/<username>')