Flask-Login - User returns to Anonymous after successful login then redirect

Question

I'm trying just to setup a base login model with developed code mostly from Flask-Login.

After my user successfully logs in and I issue a redirect(url_for('index')), the user loses his authentication and returns to the value flask_login.AnonymousUserMixin.

I realize there are some simple workarounds but I'm trying to understand why my code doesn't work like the examples.

I must be missing something simple or a lack understanding of Flask-Login. How can the user remain logged in after a redirect?

__init__.py

...
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"
...

models.py

class User(UserMixin, db.Model):
    __tablename__ = 'users'
    uid = db.Column(db.Integer, primary_key=True)
    firstname = db.Column(db.String(100))
    lastname = db.Column(db.String(100))
    username = db.Column(db.String(100), unique=True)
    email = db.Column(db.String(120), unique=True)
    pwdhash = db.Column(db.String(54))

    def __init__(self, firstname, lastname, email, username, password):
        ...
    def get_id(self):
        return(self.username)
    def __repr__(self):
        return '<User is:%r>' % (self.username)

routes.py

@login_manager.user_loader
def load_user(user_id):
    try:
        return User.query.get(user_id)
    except:
        return None

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if request.method == "POST":
        if form.validate():
            user = User.query.filter_by(username=form.username.data.lower()).first()
            login_user(user, remember=False)
            assert current_user.is_authenticated
            return redirect(url_for('index'))
        else:
            return render_template('login.html', form=form)
    return render_template('login.html', form=form)

@app.route('/index')
@login_required
def index():
    return render_template("home.html")

I have reviewed flask-login user is set to anonymous after login but that login method is different than the one above.

Answer 1

Well, I need to answer my own question on a dumb oversight that I should have caught (bleary eyes?)

Simple fix in def load_user(user_id): where I needed to replace the line

Bad: return User.query.get(user_id)

Good: return User.query.filter_by(username=user_id).first()

I suppose the take-away is the importance of def load_user() in preserving session integrity.