0
0
Flaskframework~20 mins

How cookies work in HTTP in Flask - Practice Exercises

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Cookie Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What does this Flask route do with cookies?
Consider this Flask route that sets a cookie. What will the browser receive after visiting this route?
Flask
from flask import Flask, make_response
app = Flask(__name__)

@app.route('/set')
def set_cookie():
    resp = make_response('Cookie is set')
    resp.set_cookie('user', 'alice')
    return resp
AThe server returns an error because set_cookie is not a valid method.
BThe cookie is set but the response body is empty.
CThe response body contains 'user=alice', but no cookie is set in the browser.
DThe response includes a Set-Cookie header with user=alice, and the page shows 'Cookie is set'.
Attempts:
2 left
💡 Hint
Look at how make_response and set_cookie work together.
state_output
intermediate
2:00remaining
What value does the server read from the cookie?
Given this Flask route that reads a cookie, what will be printed if the browser sends a cookie user=bob?
Flask
from flask import Flask, request
app = Flask(__name__)

@app.route('/get')
def get_cookie():
    user = request.cookies.get('user')
    return f'User is {user}'
AUser is '' (empty string)
BUser is None
CUser is bob
DThe server raises a KeyError
Attempts:
2 left
💡 Hint
Check how request.cookies.get works when the cookie exists.
📝 Syntax
advanced
2:00remaining
Which option correctly deletes a cookie in Flask?
You want to delete the cookie named 'session' in Flask. Which code snippet correctly does this?
Flask
from flask import Flask, make_response
app = Flask(__name__)

@app.route('/logout')
def logout():
    resp = make_response('Logged out')
    # delete cookie here
    return resp
Aresp.delete_cookie('session')
Bresp.set_cookie('session', '', max_age=0)
Cresp.remove_cookie('session')
Dresp.set_cookie('session', None)
Attempts:
2 left
💡 Hint
Look for the Flask Response method that removes cookies.
🔧 Debug
advanced
2:00remaining
Why does this cookie not get set in the browser?
This Flask code tries to set a cookie but the browser never stores it. What is the problem?
Flask
from flask import Flask, make_response
app = Flask(__name__)

@app.route('/set')
def set_cookie():
    resp = make_response('Setting cookie')
    resp.set_cookie('token', 'abc123', httponly=True, secure=True)
    return 'Cookie set'
AThe secure=True flag prevents the cookie from being set on HTTP connections.
BThe response returns a string instead of the response object with the cookie.
Chttponly=True disables the cookie from being stored.
DThe cookie name 'token' is reserved and cannot be used.
Attempts:
2 left
💡 Hint
Check what the route returns.
🧠 Conceptual
expert
2:00remaining
How does the browser decide which cookies to send with a request?
When a browser makes an HTTP request, which cookies does it include in the request headers?
AOnly cookies matching the request domain and path, and respecting Secure and HttpOnly flags.
BAll cookies stored by the browser regardless of domain or path.
COnly cookies set in the last 24 hours.
DCookies are sent only if the request is a POST method.
Attempts:
2 left
💡 Hint
Think about cookie scope and security flags.