Using Flask Sessions

Flask exposes a session dict-like object:

from flask import session

from flask import session

Requirements

Sessions require:

app.config["SECRET_KEY"]app.config["SECRET_KEY"]

Setting and reading values

from flask import Flask, session
 
app = Flask(__name__)
app.config["SECRET_KEY"] = "dev-key"
 
 
@app.route("/set")
def set_value():
    session["favorite_color"] = "blue"
    return "ok"
 
 
@app.route("/get")
def get_value():
    return {"favorite_color": session.get("favorite_color")}

from flask import Flask, session
 
app = Flask(__name__)
app.config["SECRET_KEY"] = "dev-key"
 
 
@app.route("/set")
def set_value():
    session["favorite_color"] = "blue"
    return "ok"
 
 
@app.route("/get")
def get_value():
    return {"favorite_color": session.get("favorite_color")}

Removing values

session.pop("favorite_color", None)

session.pop("favorite_color", None)

Important constraints

Because Flask’s default session is stored in a cookie:

keep session data small
don’t store secrets in sessions (client can read)
sign integrity is provided, confidentiality is not

Flask-Login stores:

the logged-in user id

in the session so it persists across requests.

If this helped you, consider buying me a coffee ☕

Buy me a coffee

Using Flask Sessions

Requirements

Setting and reading values

Removing values

Important constraints

How Flask-Login uses session

Was this page helpful?