Consider the following simple Flask app:
from flask import Flask, request, session
application = Flask(__name__)
application.secret_key = \"some_random_stri
Sessions in Flask can be implemented in different ways. The default implementation is based on secure cookies (cookies that have a cryptographic signature that prevents tampering). Here are the answers to your questions for this implementation:
The string will be stored in a client-side cookie. Each time the browser sends a request to the server, the cookie will be sent along with it.
The client can destroy the session by deleting the cookie using JavaScript. (The default name for the session cookie is session). The server can delete the session by removing all the items from it.
In the default implementation the cookie has an expiration date set 31 days in the future. This can be changed with the PERMANENT_SESSION_LIFETIME configuration setting.
As I mentioned above, Flask supports third-party session handlers, so the above answer may not apply to other implementations. In particular, there are handlers that implement server-side sessions (such as Flask-Session or Flask-KVSession) that store the session data on the server instead of the client.
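An added example, not part of the original answer: a standard-library sketch of a signed session cookie, showing that the signature stops tampering while the payload stays readable by anyone holding the cookie, so secrets do not belong in it. The `payload.timestamp.signature` layout, the HMAC-SHA1 derivation and the `cookie-session` salt are assumptions modelled on Flask's default; the function names, key and values are constructed for illustration.

```python
import base64, hashlib, hmac, json, zlib

SALT = b"cookie-session"      # assumption: salt of Flask's default session signer
MAX_AGE = 31 * 86400          # the 31-day default lifetime mentioned above

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sig(secret_key: bytes, signed_part: str) -> str:
    # Derive a signing key from secret_key and the salt, then MAC the cookie body.
    derived = hmac.new(secret_key, SALT, hashlib.sha1).digest()
    return _b64e(hmac.new(derived, signed_part.encode(), hashlib.sha1).digest())

def make_cookie(secret_key: bytes, data: dict, now: int) -> str:
    payload = _b64e(json.dumps(data, separators=(",", ":")).encode())
    signed_part = f"{payload}.{_b64e(now.to_bytes(4, 'big'))}"
    return f"{signed_part}.{_sig(secret_key, signed_part)}"

def read_without_key(cookie: str) -> dict:
    """Decode the payload with no secret: the data is signed, not encrypted."""
    compressed = cookie.startswith(".")   # leading "." marks a zlib-compressed payload
    raw = _b64d((cookie[1:] if compressed else cookie).split(".")[0])
    return json.loads(zlib.decompress(raw) if compressed else raw)

def verify(secret_key: bytes, cookie: str, now: int, max_age: int = MAX_AGE):
    """Server side: return the data only if the signature and age checks pass."""
    signed_part, _, sig = cookie.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sig(secret_key, signed_part).encode()):
        return None                       # payload or timestamp was modified
    issued = int.from_bytes(_b64d(signed_part.rpartition(".")[2]), "big")
    if now - issued > max_age:
        return None                       # older than the session lifetime
    return read_without_key(cookie)

if __name__ == "__main__":
    key, t0 = b"constructed-demo-key", 1700000000   # constructed sample values
    cookie = make_cookie(key, {"user_id": 42}, t0)
    print(read_without_key(cookie))                 # readable without the key
    edited = _b64e(b'{"user_id":1}') + cookie[cookie.index("."):]
    print(verify(key, cookie, t0 + 60), verify(key, edited, t0 + 60))
```
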