October 2018
Intermediate to advanced
332 pages
8h 9m
English
Content preview from Mastering Flask Web Development - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Sessions and globals
Sessions are the way Flask will store information across requests; to do this, Flask will use signed cookies using the previously set SECRET_KEY config to apply the HMAC-SHA1 default cryptographic method. So, a user can read their session cookie but can't modify it. Flask also sets a default session lifetime that defaults to 31 days to prevent relay attacks; this can be changed by using the configuration key's PERMANENT_SESSION_LIFETIME config key.
Security is paramount in today's modern web applications; read Flask's documentation carefully, where various attacks methods are covered: http://flask.pocoo.org/docs/security/.
A Flask session object is a special kind of Python dictionary, but you can use it much like a plain ...