What you need to do is store some sort of session token in your User model in the database.

    class User(db.Model):
        # ... existing columns ...
        session_token = db.Column(db.String(40), index=True)

When a user logs in, you generate the session token and save it in the database.
Update your User.get_id function to return the session token instead of the user ID.

    def get_id(self):
        return str(self.session_token)

In your user_loader callback you look up the user based on the token:

    @lm.user_loader
    def load_user(session_token):
        return User.query.filter_by(session_token=session_token).first()

With this setup, the token will be updated on each login, which will automatically invalidate the previous sessions.
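
The rotation described above, shown end to end as an added example that is not part of the original answer. It assumes a standard-library sqlite3 table in place of the SQLAlchemy User model; the login() and demo() helpers and the sample user are constructed for illustration, and the token comes from secrets.token_hex(20) so that it fills the 40-character column.

```python
import secrets
import sqlite3

# Constructed in-memory table standing in for the User model above (assumption).
db = sqlite3.connect(":memory:")
db.execute(
    "CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, "
    "session_token TEXT UNIQUE)"
)
db.execute("INSERT INTO user (name) VALUES ('alice')")  # constructed sample user


def login(name):
    """Hypothetical login step: rotate the token that get_id() would return."""
    # 20 random bytes from the OS CSPRNG -> 40 hex characters, fits String(40).
    token = secrets.token_hex(20)
    cur = db.execute(
        "UPDATE user SET session_token = ? WHERE name = ?", (token, name)
    )
    db.commit()
    return token if cur.rowcount == 1 else None  # None for an unknown user


def load_user(session_token):
    """Same lookup as the user_loader callback: token in, user (or None) out."""
    if not session_token:
        return None  # an empty value must never resolve to a user
    row = db.execute(
        "SELECT name FROM user WHERE session_token = ?", (session_token,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Two logins for one account: only the most recent token still resolves."""
    first = login("alice")    # session on device A
    second = login("alice")   # later login on device B overwrites the token
    return load_user(first), load_user(second)


if __name__ == "__main__":
    print(demo())
```

A user who has never logged in has a NULL token, so get_id() returns the string "None"; that string matches no row and the loader treats the session as anonymous.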