So my understanding of Flask sessions is that I can use it like a dictionary and add values to a session by doing:
session['key name'] = 'some value here'
And that works fine.
On a route I have the client call using AJAX post, I assign a value to the session. And it works fine. I can click on various pages of my site and the value stays in the session. If I close the browser window however, and then go back to my site, the session value I had in there is gone.
So that's weird and you would think the problem is the session isn't permanent. I also implemented Flask-Openid and that uses the session to store information and that does persist if I close the browser window and open it back up again. I also checked the cookie after closing the browser window, but before going back to my site, and the cookie is indeed still there.
Another odd piece of behaviour (which may be related) is that some values I have written to the session for testing purposes will go away when I access the AJAX post route and assign the correct value. So that is odd, but what is truly weird is that when I then close the browser window and open it up again, and have thus lost the value I was trying to retain, the ones that I lost previously actually return! They aren't being reassigned because there's no code in my Python files to reassign those values.
Here is some outputs to helper make it clearer. They are all outputed from a route for a real page, and not the AJAX post route I mentioned above.
This is the output after I have assigned the value I want to store in the session. The value key is 'userid' - all the other values are dummy ones I have added in trying to solve this problem. 'userid': 8 will stay in the session as long as I don't close the browser window. I can access other routes and the value will stay there just like it should.
['session.=', <SecureCookieSession {'userid': 8, 'test_variable_num': 102, 'adding using before request': 'hi', '_permanent': True, 'test_variable_text': 'hi!'}>]
If I do close the browser window, and go back into the site, but without redoing the AJAX post request, I get this output:
['session.=', <SecureCookieSession {'adding using before request': 'hi', '_permanent': True, 'yo': 'yo'}>]
The 'yo' value was not in the first first output. I don't know where it came from. I searched my code for 'yo' and there is no instances of me assigning that value anywhere. I think I may have added it to the session days ago. So it seems like it is persisting, but being hidden when the other values are written.
And this last one is me accessing the AJAX post route again, and then going to the page that prints out the keys using debug. Same output as the first output I pasted above, which you would expect, and the 'yo' value is gone again (but it will come back if I close the browser window)
['session.=', <SecureCookieSession {'userid': 8, 'test_variable_num': 102, 'adding using before request': 'hi', '_permanent': True, 'test_variable_text': 'hi!'}>]
I tested this in both Chrome and Firefox.
So I find this all weird and I am guessing it stems from a misunderstanding of how sessions work. I think they're dictionaries and I can write dictionary values into them and retrieve them days later as long as I set the session to permanent and the cookie doesn't get deleted.
Any ideas why this weird behaviour is happening?
How are sessions implemented in Flask? In order to store data across multiple requests, Flask utilizes cryptographically-signed cookies (stored on the web browser) to store the data for a session. This cookie is sent with each request to the Flask app on the server-side where it's decoded.
Flask-Session is an extension for Flask that supports Server-side Session to your application. The Session is the time between the client logs in to the server and logs out of the server. The data that is required to be saved in the Session is stored in a temporary directory on the server.
There is no way to clear session or anything. One must simply change the app. config["SECRET_KEY"] and the contents in session dictionary will get erased.
By default, when the user closes their browser the Flask Session is deleted and the user is logged out. “Remember Me” prevents the user from accidentally being logged out when they close their browser.
Turns out the problem was a multiple domain cookie thing. I am running the site locally at 127.0.0.1:5000 but sometimes the site was accessed at localhost:5000 - so each of those domains had a separate cookie. Which explains why the data was disappearing and then reappearing. It was just associated with different domains.
Below is just extra detail
This came about because Facebook doesn't like IP addresses for domain names. So when developing locally, I was using 127.0.0.1:5000 but the Facebook callback url was localhost:5000. Which works fine because Flask picks up requests at both urls and treats them the same - all routes work as expected. Except for the session cookies which get associated with the different urls.
Flask sessions will be deleted once you close the browser IF you have not set the session.permanent = True
. That is how flask sessions are defined and is mentioned in the docs.
If you do however set the session as permanent, then default is 31 days when the session will persist. You can change that default as well by session.permanent_session_lifetime
. This means that the session will persist even if you close the browser unless of course, you delete the cookie itself manually.
In your case, I am not sure how you are using AJAX calls but in general, the above should hold true about default flask sessions.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With