Using Sessions in Flask

In this post I’ll provide an example of using session management in Flask. This is useful when you need to recover persistent data across different endpoints in your application. In this example, we set the permanent attribute of the session object to True in order to ensure that the session data lasts indefinitely until it is cleared when the user accesses the root endpoint again. The best practice is to have a timeout on the session data.

Another important feature of this example is app.secret_key, which ensures that the cookies that session management is built on are cryptographically signed, so users can view the cookies but not alter them. It’s best to set the secret key to the output of os.urandom(24), which should be sufficiently random.

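from flask import Flask, render_template, session

# create the app first; the secret key is an attribute of the app object
app = Flask(__name__)

# placeholder: replace with the output of os.urandom(24)
app.secret_key = "something-from-os.urandom(24)"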

@app.before_request
def session_management():
    # make the session last indefinitely until it is cleared
    session.permanent = True

@app.route("/")
def index():
    # reset the session data
    session.clear()
    session["foo"] = "Foo"
    return render_template("index.html")

@app.route("/foo")
def foo():
    # retrieve "Foo" from the persistent session object
    foo = session["foo"]
    return render_template("foo.html")
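
The following is an added example, not code from the original post. It sets the timeout the post recommends through Flask's PERMANENT_SESSION_LIFETIME setting and uses Flask's test client to show that the session cookie can be read without the key but is rejected once altered. The 30-minute lifetime, the helper function names and the key generated at startup are assumptions made for the demonstration.

```python
import base64, json, os, zlib
from datetime import timedelta
from flask import Flask, session

app = Flask(__name__)
# Demo only: a key generated at startup invalidates all sessions on restart.
app.secret_key = os.urandom(24)
# The timeout the post recommends; 30 minutes is an assumed value.
app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=30)

@app.route("/")
def index():
    session.clear()
    session.permanent = True   # set after clear(), which would drop the flag
    session["foo"] = "Foo"
    return "ok"

@app.route("/foo")
def foo():
    return session.get("foo", "no session")

def issue_cookie():
    """Visit / and return (cookie value, full Set-Cookie header)."""
    header = app.test_client(use_cookies=False).get("/").headers["Set-Cookie"]
    return header.split(";", 1)[0].split("=", 1)[1], header

def read_payload(cookie):
    """Decode the payload with no key: it is signed, not encrypted."""
    compressed = cookie.startswith(".")   # Flask marks zlib payloads with "."
    body = cookie.lstrip(".").split(".")[0]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    return json.loads(zlib.decompress(raw) if compressed else raw)

def forge(cookie, data):
    """Swap in a new payload but keep the original timestamp and signature."""
    body = base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=")
    return ".".join([body.decode()] + cookie.lstrip(".").split(".")[1:])

def foo_with(cookie):
    """Call /foo presenting the given session cookie."""
    client = app.test_client(use_cookies=False)
    resp = client.get("/foo", headers={"Cookie": f"session={cookie}"})
    return resp.get_data(as_text=True)

if __name__ == "__main__":
    cookie, header = issue_cookie()
    print(read_payload(cookie))                       # readable by the client
    print(foo_with(cookie))                           # Foo
    print(foo_with(forge(cookie, {"foo": "Admin"})))  # no session
```

Because the payload decodes without the key, anything stored in the session is visible to the user; the signature only prevents changes.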
