wip

app/__init__.py

@@ -20,13 +20,14 @@ def create_app(config_name="development"):
         app.config['SECRET_KEY'] = secrets.token_hex(32)
 
     # Initialize extensions
-    from app.core.extensions import db, migrate, login_manager, bcrypt, limiter, csrf
+    from app.core.extensions import db, migrate, login_manager, bcrypt, limiter
+    from app.core.csrf_utils import init_csrf
 
     db.init_app(app)
     migrate.init_app(app, db)
     login_manager.init_app(app)
     bcrypt.init_app(app)
-    csrf.init_app(app)
+    init_csrf(app)
     limiter.init_app(app)
 
     # Initialize login manager
@@ -101,4 +102,21 @@ def create_app(config_name="development"):
     def forbidden(e):
         return render_template("errors/403.html", title="Forbidden"), 403
 
+    # Session configuration
+    app.config['SESSION_TYPE'] = 'filesystem'
+    app.config['SESSION_FILE_DIR'] = os.path.join(os.getcwd(), 'instance/sessions')
+    app.config['SESSION_PERMANENT'] = True
+    app.config['PERMANENT_SESSION_LIFETIME'] = 3600  # 1 hour in seconds
+
+    # Ensure the sessions directory exists
+    os.makedirs(app.config['SESSION_FILE_DIR'], exist_ok=True)
+
+    # Debug CSRF issues
+    @app.after_request
+    def after_request(response):
+        if app.debug:  # Only in development
+            print(f"Session contains CSRF token: {'csrf_token' in session}")
+            print(f"CSRF header name: {app.config.get('WTF_CSRF_HEADERS')}")
+        return response
+
     return app