Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does Flask-login with multiple servers work

I have been using Flask login module, which creates and maintains session on the server.

Since server maintains the session, I think it is not completely stateless. How does it work when application has more than one server. Should requests be sticky (i.e. given session should make subsequent requests to a particular server)?

like image 741
user462455 Avatar asked Sep 29 '13 21:09

user462455


People also ask

Does Flask-Login use sessions?

By default, Flask-Login uses sessions for authentication. This means you must set the secret key on your application, otherwise Flask will give you an error message telling you to do so. See the Flask documentation on sessions to see how to set a secret key.

Is Flask session client side or server-side?

Flask-Session is an extension for Flask that supports Server-side Session to your application. The Session is the time between the client logs in to the server and logs out of the server.

Is Flask session unique for each user?

Each session has a Session ID (encrypted with a secret key). Sessions use a unique id to retrieve the stored values. Whenever a session is created, a cookie containing the unique session id is stored on the user's computer.

How do I know if someone logged into my Flask-Login?

At the same time, you can use Flask-login API to do some configurations in case that you want to use its functionality. When you want to check whether the user has logged in manually rather than use the Flask-login API, then check the value of session['logged_in'] .


1 Answers

This statement you've made is not completely correct:

... which creates and maintains session on the server.

Flask-Login uses the session facilities provided by Flask, so the data it stores in the session will be written by Flask using the configured session storage mechanism.

By default Flask writes user sessions as secure cookies in the client, but session on the server are also possible. For example, this snippet shows how to configure Flask to write sessions on a server-side Redis store.

When the user session is stored in a client side cookie it is pretty obvious that having multiple servers is not a problem. The cookie will be sent to the server handling each request, so everything will work just fine.

For server-side sessions this works as well. A server-side session is written under a unique identifier, and this unique identifier is then stored in a client side cookie. Each request then comes with the session ID, and Flask uses this ID to load the session data. If you configure all your web servers to use the same user session storage then multiple servers can handle requests from the same client without issue.

like image 116
Miguel Avatar answered Oct 27 '22 00:10

Miguel