GitHub: https://github.com/Sokhavuth/TV-Channel
Vercel: https://khmerweb-tv-channel.vercel.app/login
When a user logs out of the dashboard, we need to delete the JWT holding their user data from the Redis database, and also delete the session id stored as a cookie in their browser. Deleting the Redis entry is what actually revokes the session — a copy of the cookie replayed later finds nothing on the server — while clearing the cookie is a courtesy to the browser. Once both the JWT and the cookie are gone, we can send the user back to the login page.
# routes/frontend/login.py
from bottle import Bottle, get, post, redirect
from controllers.frontend.login import Login
import config
app = Bottle()  # Bottle sub-application that owns the login routes declared below
login = Login()  # NOTE: one controller instance shared by every request this module serves -- per-request state must not be stored on it
@app.get("/")
def getLogin():
    """Serve the login form, or skip straight to the dashboard when already logged in.

    ``config.checkLogged()`` decides whether the caller holds a valid session;
    the login page is only rendered for anonymous browsers.
    """
    if not config.checkLogged():
        return login.getPage()
    # An authenticated browser has no business on the login form.
    return redirect("/admin/post")
@app.post("/")
def postLogin():
    """Process a submitted login form; all validation lives in the controller."""
    result = login.postItem()
    return result
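@app.get("/logout")
def logout():
    """Revoke the current session and send the browser back to the login page.

    Always delegates to ``login.logOut()``: it tolerates a missing cookie, and
    running it even when ``config.checkLogged()`` is false clears a stale
    signed cookie whose Redis entry has already expired (previously that case
    only redirected and left the dead cookie in the browser). The response is
    a redirect to ``/login`` either way.

    NOTE(review): a GET logout with no CSRF token can be triggered cross-site
    (e.g. an ``<img src="…/logout">`` on a third-party page), so anyone can log
    the user out. Serving logout over POST with a CSRF token is the usual
    hardening; that is a route change for the templates, so it is only flagged.
    """
    return login.logOut()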
# controllers/frontend/login.py
import copy
import hashlib
import hmac
import uuid
from datetime import datetime, timezone, timedelta

import jwt
from bottle import template, request, response, redirect

import config
from models.user import User
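class Login:
    """Login / logout controller for the admin dashboard.

    A successful login mints a JWT with the user's claims, stores it in Redis
    under a fresh random session id (with a TTL), and hands that session id
    to the browser in a signed cookie. Logout deletes the Redis entry -- the
    server-side revocation -- and clears the cookie.

    Instances are created once at import time by the route module and shared
    across requests, so request-specific data is never written to ``self``.
    """

    # Lifetime shared by the JWT ``exp`` claim and the Redis session key (15 days).
    SESSION_TTL_SECONDS = 60 * 60 * 24 * 15

    def __init__(self):
        settings = copy.deepcopy(config.settings)
        self.setup = settings()
        self.redis = config.redis
        self.secret_key = config.secret_key
        self.user = User()

    def _page_data(self, title, message=None):
        """Return a fresh per-request template context for the login page.

        ``self.setup`` lives on a shared controller instance; the previous code
        mutated it in place, so a failed login's ``message`` stayed behind and
        was rendered for the next visitor of the login form. Copying first
        keeps each request's context private.
        """
        data = copy.copy(self.setup)
        data["pageTitle"] = title
        data["route"] = "/login"
        if message is not None:
            data["message"] = message
        return data

    @staticmethod
    def _password_matches(password, user):
        """Constant-time comparison of *password* against the stored salted hash.

        ``hmac.compare_digest`` avoids the timing side channel of ``==``.
        NOTE(review): a single salted SHA-512 round is cheap to brute-force
        offline; a password KDF (``hashlib.scrypt`` / ``pbkdf2_hmac``, argon2)
        is the right tool, but that requires migrating the hashes stored by
        ``models.user``, so it is only flagged here.
        """
        digest = hashlib.sha512(password.encode("utf-8") + user["salt"]).hexdigest()
        stored = user["password"]
        if not isinstance(stored, str):
            # ``==`` was simply False for a non-str stored value; keep that
            # outcome rather than letting compare_digest raise TypeError.
            return False
        return hmac.compare_digest(digest, stored)

    def getPage(self):
        """Render the login form (GET)."""
        return template("base", data=self._page_data("Log into Admin Page"))

    def postItem(self):
        """Handle the submitted login form (POST).

        Returns the rendered login page with a message on failure, or a
        redirect to ``/admin/post`` after creating the session on success.
        """
        password = request.forms.getunicode("password")
        email = request.forms.getunicode("email")
        user = self.user.checkUser(email)
        if not user:
            # NOTE(review): distinct "Email is wrong" / "password is wrong"
            # messages let an attacker enumerate valid accounts; a single
            # generic "invalid email or password" message is the usual fix.
            return template("base", data=self._page_data("Log into Admin Page", "Your Email is wrong!"))
        # A missing password field used to raise AttributeError on ``.encode``;
        # treat it as a failed login instead.
        if password is None or not self._password_matches(password, user):
            return template("base", data=self._page_data("Log into Admin Page", "Your password is wrong!"))

        claims = {
            "id": user["id"],
            "role": user["role"],
            "name": user["title"],
        }
        exp = datetime.now(timezone.utc) + timedelta(seconds=self.SESSION_TTL_SECONDS)
        token = jwt.encode({"user": claims, "exp": exp}, self.secret_key, algorithm="HS256")
        # A new random id is generated per login (uuid4 is drawn from os.urandom),
        # never taken from the incoming request, so sessions cannot be fixated.
        sessionid = uuid.uuid4().hex
        # Value and TTL in one call: a crash between a separate set() and
        # expire() would have left a session key that never expires.
        self.redis.set(sessionid, token, ex=self.SESSION_TTL_SECONDS)
        response.set_cookie(
            "sessionid",
            sessionid,
            path="/",
            secret=self.secret_key,
            httponly=True,   # not readable from JavaScript: an XSS cannot lift the session id
            secure=True,     # only sent over HTTPS (the deployment is HTTPS); relax for plain-HTTP local runs
            samesite="lax",  # not attached to cross-site POSTs, which blunts CSRF against the dashboard
        )
        return redirect("/admin/post")

    def logOut(self):
        """Revoke the current session and redirect to the login page.

        The cookie is read with the signing secret, so a tampered or unsigned
        cookie yields ``None`` and nothing is deleted from Redis. Deleting the
        Redis key is the real revocation; clearing the cookie is a courtesy,
        and both happen even if no valid cookie was present.
        """
        sessionid = request.get_cookie("sessionid", secret=self.secret_key)
        if sessionid:
            self.redis.delete(sessionid)
        response.delete_cookie("sessionid", path="/", secret=self.secret_key)
        return redirect("/login")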
Handling logout properly is crucial for security. Deleting the JWT from Redis is what actually revokes the session on the server side, and clearing the session cookie ensures no stale identifier remains in the browser. Once both are removed, redirecting to the login page completes the flow smoothly.
For a seamless experience, similar to how Cricfy TV Alternative manages sessions, keeping the process clean and secure helps maintain user trust. Following these steps aligns with best practices and ensures a safe logout.