Menu
I have been using Flask login module, which creates and maintains session on the server.
Since server maintains the session, I think it is not completely stateless. How does it work when application has more than one server. Should requests be sticky (i.e. given session should make subsequent requests to a particular server)?
741
By default, Flask-Login uses sessions for authentication. This means you must set the secret key on your application, otherwise Flask will give you an error message telling you to do so. See the Flask documentation on sessions to see how to set a secret key.
Flask-Session is an extension for Flask that supports Server-side Session to your application. The Session is the time between the client logs in to the server and logs out of the server.
Each session has a Session ID (encrypted with a secret key). Sessions use a unique id to retrieve the stored values. Whenever a session is created, a cookie containing the unique session id is stored on the user's computer.
At the same time, you can use Flask-login API to do some configurations in case that you want to use its functionality. When you want to check whether the user has logged in manually rather than use the Flask-login API, then check the value of session['logged_in'] .
This statement you've made is not completely correct:
... which creates and maintains session on the server.
Flask-Login uses the session facilities provided by Flask, so the data it stores in the session will be written by Flask using the configured session storage mechanism.
By default Flask writes user sessions as secure cookies in the client, but session on the server are also possible. For example, this snippet shows how to configure Flask to write sessions on a server-side Redis store.
When the user session is stored in a client side cookie it is pretty obvious that having multiple servers is not a problem. The cookie will be sent to the server handling each request, so everything will work just fine.
For server-side sessions this works as well. A server-side session is written under a unique identifier, and this unique identifier is then stored in a client side cookie. Each request then comes with the session ID, and Flask uses this ID to load the session data. If you configure all your web servers to use the same user session storage then multiple servers can handle requests from the same client without issue.
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
