Tags: flask, flask-session

Flask sessions - cookies being overwritten/given to the wrong user


Using session.clear() doesn’t clear the cookies upon logout. Caching has been turned off. NO GLOBALS are being used anywhere.

It’s totally random when it happens. Just clicking around the site normally (always GET requests) and somehow users are ending up as other users.

SESSION_COOKIE_SAMESITE='Lax'
SESSION_TYPE = 'filesystem'

Cloudflare is on but do they even cache cookies?

We’re also using blueprints.

Any ideas where to look?


Solution

  • We added a check to flask_session to make sure the session data and cookie data are aligned before setting. This seems to have fixed the issue.
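The fix above is described only in outline. As an added illustration (not the poster's code and not flask_session's own implementation), the block below models the same idea in a self-contained server-side session store: every stored payload carries the session id it belongs to, a write whose payload is bound to a different id than the cookie is refused and counted, a corrupt or foreign payload found on load is discarded instead of served, and logout deletes the server-side record and rotates the id so the old cookie stops resolving to anything. The signed-cookie format, the in-memory backend standing in for a filesystem directory, and the `mismatches` counter are all assumptions made for the example.

```python
"""Constructed example of a server-side session store that checks that the
payload being written is bound to the same session id the cookie carries.
Not flask_session code; the dict backend stands in for a filesystem store."""
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # constructed placeholder


def _tag(sid: str) -> str:
    return hmac.new(SECRET_KEY, sid.encode(), hashlib.sha256).hexdigest()[:32]


def sign(sid: str) -> str:
    """Cookie value is sid plus an HMAC tag, so a tampered sid fails verification."""
    return f"{sid}.{_tag(sid)}"


def verify(cookie: str):
    """Return the sid if the cookie's tag is valid, otherwise None."""
    try:
        sid, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    return sid if hmac.compare_digest(tag, _tag(sid)) else None


class SessionStore:
    def __init__(self):
        self.backend = {}    # sid -> payload; stands in for the filesystem dir
        self.mismatches = 0  # refused or discarded records, worth alerting on

    def _fresh(self):
        sid = secrets.token_urlsafe(32)
        return sid, {"_sid": sid}

    def load(self, cookie):
        """Return (sid, payload). Invalid cookie or foreign payload -> fresh session."""
        sid = verify(cookie) if cookie else None
        if sid is None or sid not in self.backend:
            return self._fresh()
        data = dict(self.backend[sid])
        if data.get("_sid") != sid:
            # Stored record is bound to another session id: never serve it.
            self.mismatches += 1
            self.backend.pop(sid, None)
            return self._fresh()
        return sid, data

    def save(self, sid, data):
        """Persist only when the payload is bound to the cookie's sid; return cookie."""
        if data.get("_sid") != sid:
            self.mismatches += 1
            raise ValueError("session payload not aligned with cookie sid")
        self.backend[sid] = dict(data)
        return sign(sid)

    def logout(self, sid):
        """Delete server-side state and rotate the id so the old cookie is dead."""
        self.backend.pop(sid, None)
        new_sid, _ = self._fresh()
        return new_sid


if __name__ == "__main__":
    store = SessionStore()
    sid, data = store.load(None)
    data["user"] = "alice"  # constructed sample user
    cookie = store.save(sid, data)
    print("loaded back:", store.load(cookie)[1]["user"])
```

In a real Flask app the `load` call belongs in the request hook that opens the session and `save` in the one that writes `Set-Cookie`; the point of the check is that a response can never carry a cookie whose id resolves to someone else's payload, and the `mismatches` counter gives operations a signal that the store is being written inconsistently rather than silently handing one user another user's session.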