Working with Sessions in Flask

Introduction

Sessions are a crucial component of web applications, allowing developers to store user-specific data across multiple HTTP requests. In Flask, a micro web framework for Python, managing sessions is a breeze. In this blog post, we'll explore the ins and outs of working with sessions in Flask, complete with code examples to help you get started.

What are Sessions?

In the context of web development, a session is a way to preserve data across multiple web requests. It enables the server to associate data with a particular user during their visit. Sessions are commonly used to maintain user authentication, shopping cart contents, and other user-specific information.

Setting up Flask

Before diving into sessions, make sure you have Flask installed. If not, you can install it using pip:
 

pip install Flask

Basic Session Handling

Importing Flask and Creating an App

Let's start by importing Flask and creating a basic Flask application:
 

from flask import Flask, session app = Flask(__name__)

Configuring the Session

Flask relies on a secret key to secure sessions. You should generate a secret key and configure it in your Flask app:
 

app.secret_key = b'Y\xf1Xz\x00\xad|eQ\x80t \xca\x1a\x10K'

It's crucial to keep your secret key secret, as it is used for signing session cookies. Be sure to research the best way to create this key, and don’t copy the example.

Storing Data in the Session

To store data in the session, you can use the session object. For example, let's store a user's name:
 

@app.route('/login/<username>') def login(username):    session['username'] = username    return 'Logged in as ' + username

Accessing Session Data

You can access the data stored in the session using the session object as well. Here's how to retrieve the username:
 

@app.route('/profile') def profile():    username = session.get('username')    if username is not None:        return 'User: ' + username    return 'Not logged in'

Clearing the Session

To clear the session, you can use the pop method:
 

@app.route('/logout') def logout():    session.pop('username', None)    return 'Logged out'

Session Timeouts and Permanent Sessions

By default, sessions in Flask last until the user's web browser is closed. If you want to create a permanent session with a specified timeout, you can do so by setting the permanent attribute and permanent_session_lifetime configuration:
 

app.permanent_session_lifetime = timedelta(minutes=30)

You can mark a session as permanent when storing data:
 

session.permanent = True