Session & Cookies

By default Flask stores session data in a cookie signed with SECRET_KEY; it can also be switched to server-side storage (such as Redis).

Read/Set Cookies:

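from flask import Flask, request, make_response

app = Flask(__name__)

@app.get("/get-cookie")
def get_cookie():
    # A view must not return None, so fall back to "" when the cookie is absent
    return request.cookies.get("sid", "")

@app.get("/set-cookie")
def set_cookie():
    resp = make_response("ok")
    # HttpOnly hides the cookie from JavaScript; SameSite=Lax limits cross-site sending
    resp.set_cookie("sid", "abc", httponly=True, samesite="Lax", max_age=3600)
    return resp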

Session:

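import os
from flask import session

# Sessions need a secret key; assumed here to be supplied via the SECRET_KEY environment variable
app.secret_key = os.environ["SECRET_KEY"]

@app.get("/login")
def login():
    # Stored in the signed session cookie
    session["uid"] = 1
    return "ok"

@app.get("/me")
def me():
    return {"uid": session.get("uid")}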

Server-side Session: Use an extension (like Flask-Session) to store session data in Redis/Memcached.

pip install flask-session redis

Security: Set SESSION_COOKIE_SECURE=True so the session cookie is sent with the Secure attribute under HTTPS; set SameSite appropriately to prevent CSRF and session fixation.