Flask User Management : How to make Stateless Server using better authentication ways?

Question

• I have been reading at multiple places and it is suggested that the Web Servers should be Stateles with share nothing architecture. This helps them scale better.

• That means each request has all the information needed to process the request.

• This becomes tricky when you have REST endpoints that needs authentication.

• I have been looking at ways Flask extensions do this and Flask Login extension is defined as

Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users’ sessions over extended periods of time.

• This seems like against the philosophy of building a Stateless server, isn't it?
• What are better ways to build a Stateless server with authentication provided via HTTP headers with Python or related python libraries?

P.S: Apologies for not posting a programming question here, this is a design issue and I do not know how to solve it and SO seems to have right people to answer such questions. Thanks.

Answer 1

Flask-Login uses flask's built in session management, which by default uses secure/signed cookies, and so is purely client side.

It can support server side sessions if needed though of course, here's an example redis backed session store.