Get It Done! Part 7: Managing Login Using the Session
Notes
In this video lesson we learn how to enable our application to "remember" users via Flask's session
object. A session is an object (specifically, a dictionary) that you can use to store data that is associated with a specific user so that it is available for use across multiple requests. We'll also learn how to "forget" a user using session
and a logout route.
Additionally, we'll learn how to create special functions that are not route-specific using the decorator @app.before_request
. This allows us to do checks before handling incoming requests.
Finally we'll add a secret_key
to enable us to use the session
object.
-
To begin, import the
session
object from Flask -
Use the session object with this syntax in the
login
andregister
functions:session['email'] = email
. This creates a key calledemail
that has a value of the user's email. -
Next we'll create a simple logout handler to delete this session key:
@app.route('/logout', methods=['GET']) def logout(): del session['email'] return redirect('/')
-
Now we can check for whether this key is in the
session
object (and therefore if the user is logged in):@app.before_request def require_login(): allowed_routes = ['login', 'register'] if request.endpoint not in allowed_routes and 'email' not in session: return redirect('/login')
-
We'll also need to add a secret key to our app in order to use the
session
object:app.secret_key = "#someSecretString"
-
And finally we'll add a logout link to the body of our
base.html
:<div> <a href="./logout">log out</a> </div>
Code
View the final code for this lesson.