Get It Done! Part 7: Managing Login Using the Session

Notes

In this video lesson we learn how to enable our application to "remember" users via Flask's session object. A session is an object (specifically, a dictionary) that you can use to store data that is associated with a specific user so that it is available for use across multiple requests. We'll also learn how to "forget" a user using session and a logout route.

Additionally, we'll learn how to create special functions that are not route-specific using the decorator @app.before_request. This allows us to do checks before handling incoming requests.

Finally we'll add a secret_key to enable us to use the session object.

• To begin, import the session object from Flask

• Use the session object with this syntax in the login and register functions: session['email'] = email. This creates a key called email that has a value of the user's email.

• Next we'll create a simple logout handler to delete this session key:

  @app.route('/logout', methods=['GET'])
  def logout():
      del session['email']
      return redirect('/')

• Now we can check for whether this key is in the session object (and therefore if the user is logged in):

  @app.before_request
  def require_login():
      allowed_routes = ['login', 'register']
      if request.endpoint not in allowed_routes and 'email' not in session:
          return redirect('/login')

• We'll also need to add a secret key to our app in order to use the session object:

  app.secret_key = "#someSecretString"

• And finally we'll add a logout link to the body of our base.html:

      <div>
          <a href="./logout">log out</a>
      </div>

Code

View the final code for this lesson.

References

• Sessions in Flask