Update session management logic and readme (#8)

awolfden · Adam Wolfman · web-flow · commit 5c5c0e0712f9 · 2022-04-06T13:00:13.000-06:00
* Update session management logic and readme

* Remove print

* Update base session variables

Co-authored-by: Adam Wolfman &lt;adamwolfman@Adams-MBP-3.domain&gt;
diff --git a/python-flask-mfa-example/README.md b/python-flask-mfa-example/README.md
@@ -105,7 +105,7 @@ An example Flask application demonstrating how to use the [WorkOS MFA API](https
 
    TOTP: This type of authentication requires the use of a 3rd party authentication app (1Password, Authy, Google Authenticator, Microsoft Authenticator, Duo, etc). Scan the QR code from the Factor Details page to create the corresponding factor in the 3rd party app, then enter the time-based password when prompted in this MFA application.  
 
-   
+   TOTP NOTE - Since all storage is being done via browser cookies, only 1 TOTP type connection can be added at a time to this app due to limitations on the size of the cookies that browsers can store. This is due to the size of the QR code. 
 
 ## Need help?
 
diff --git a/python-flask-mfa-example/app.py b/python-flask-mfa-example/app.py
@@ -18,8 +18,14 @@
 
 @app.route("/")
 def home():
-    if session["factor_list"]:
+    if session.get("factor_list") == None:
+        session["factor_list"] = []
+        session["current_factor_qr"] = ''
+        session["phone_number"] = ''
+
+    if session["factor_list"] != None:
         return render_template("list_factors.html", factors=session["factor_list"])
+
     return render_template(
         "list_factors.html",
     )
@@ -48,8 +54,9 @@ def enroll_factor():
         new_factor = workos.client.mfa.enroll_factor(
             type=factor_type, totp_issuer=totp_issuer, totp_user=totp_user
         )
-
+    print(new_factor)
     session["factor_list"].append(new_factor)
+    print(session['factor_list'])
     session.modified = True
     return redirect("/")
 
@@ -120,8 +127,5 @@ def verify_factor():
 
 @app.route("/clear_session", methods=["GET"])
 def clear_session():
-    session["factor_list"] = []
-    session["challenge_id"] = ""
-    session["current_factor"] = ""
-    session["current_factor_type"] = ""
+    session.clear()
     return redirect("/")
