 

Efficient session variable server-side caching with Python+Flask

Scenario:

  • Major web app with Python+Flask
  • Flask login and Flask.session for basic session variables (user-id and session-id)

Flask.session and limitations? (Cookies)

  • Cookie-based, so the data basically persists only on the client side.

  • For some session variables that will be regularly read (i.e., user permissions, custom application config) it feels awkward to carry all that info around in a cookie, at every single page request and response.

Database is too much?

  • Since the session can be identified at the server side by introducing a unique session id at login, some server-side session variable management can be used. Reading this data at the server side from a database also feels like unnecessary overhead.

Question

  • What is the most efficient way to handle the session variables at the server side?

Perhaps that could be a memory-based solution, but I am worried that different Flask app requests could be executed in different threads that would not share the memory-stored session data, or cause conflicts in case of simultaneous reading and writing.

  • I am looking for advice and best practice for planning the basic level architecture.
asked Sep 01 '13 19:09

Passiday


1 Answer

Your instinct is correct, it's probably not the way to do it.

Session data should only be ephemeral information that is not too troublesome to lose and recreate. For example, the user will just have to login again to restore it.

Configuration data or anything else that's necessary on the server and that must survive a logout is not part of the session and should be stored in a DB.

Now, if you really need to easily keep this information client-side and it's not too much of a problem if it's lost, then use a session cookie for logged in/out state and a permanent cookie with a long lifespan for the rest of the configuration information.

If the information is too much size-wise, then the only option I can think of is to store the data other than the logged in/out state in a DB.

answered Oct 06 '22 23:10

Javier
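
One way to keep regularly read session data on the server, as an added example (not code from the question or the answer): the cookie carries only an opaque session id, and a lock-protected in-process cache with a TTL sits in front of the database lookup the answer recommends. `ServerSideSessionCache`, the `loader` callback and the sample permissions are hypothetical names and constructed data; the cache is shared by the threads of one process only, not across separate worker processes.

```python
import secrets
import threading
import time


class ServerSideSessionCache:
    """Thread-safe in-process cache of session data (hypothetical helper, not a Flask API)."""

    def __init__(self, loader, ttl_seconds=300, clock=time.monotonic):
        self._loader = loader        # called on a miss, e.g. a database query
        self._ttl = ttl_seconds      # bounds how long stale permissions can be served
        self._clock = clock
        self._lock = threading.Lock()
        self._entries = {}           # session_id -> (expires_at, data)

    @staticmethod
    def new_session_id():
        # Opaque, unguessable id: the only session value the cookie has to carry.
        return secrets.token_urlsafe(32)

    def get(self, session_id, user_id):
        now = self._clock()
        with self._lock:
            entry = self._entries.get(session_id)
            if entry and entry[0] > now:
                return entry[1]      # callers must treat the result as read-only
        # Miss or expired: query outside the lock so a slow lookup does not block readers.
        data = self._loader(user_id)
        with self._lock:
            # Sweep expired entries so abandoned sessions do not accumulate.
            for sid in [s for s, (exp, _) in self._entries.items() if exp <= now]:
                del self._entries[sid]
            self._entries[session_id] = (now + self._ttl, data)
        return data

    def invalidate(self, session_id):
        # Call on logout and whenever the user's permissions change.
        with self._lock:
            self._entries.pop(session_id, None)


if __name__ == "__main__":
    def load_permissions(user_id):   # constructed stand-in for a database query
        return {"user_id": user_id, "permissions": ["read", "write"]}

    cache = ServerSideSessionCache(load_permissions, ttl_seconds=60)
    sid = cache.new_session_id()
    print(cache.get(sid, 42))        # first call loads, later calls hit the cache
```

Flask's default session cookie is signed but not encrypted, so anything stored in it, permissions included, is readable by the client; keeping that data behind a session id avoids exposing it.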