0
0
Flaskframework~10 mins

Session lifetime in Flask - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Session lifetime
User sends request
Check session cookie
Session exists?
NoCreate new session
Yes
Check session expiration
Expired?
YesClear session, create new
No
Process request with session data
Update session expiration time
Send response with updated session cookie
Wait for next request or session timeout
This flow shows how Flask checks and manages session lifetime on each user request, creating, validating, or clearing sessions based on expiration.
Execution Sample
Flask
from flask import Flask, session
from datetime import timedelta

app = Flask(__name__)
app.secret_key = 'secret'
app.permanent_session_lifetime = timedelta(minutes=5)
This code sets up a Flask app with a session lifetime of 5 minutes.
Execution Table
StepActionSession Exists?Session Expired?Session StateResponse
1User sends first requestNoN/ACreate new session, set expiration to now + 5 minSet session cookie with expiration
2User sends second request within 5 minYesNoKeep session, update expiration to now + 5 minSend response with updated cookie
3User sends request after 6 min (timeout)YesYesClear old session, create new session, set expirationSet new session cookie
4User sends another request immediatelyYesNoKeep session, update expirationSend response with updated cookie
5User sends request within 5 minYesNoKeep session, update expirationSend response with updated cookie
6User sends request after 10 min (timeout)YesYesClear session, create newSet new session cookie
💡 Execution stops when user stops sending requests or session expires without renewal.
Variable Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4After Step 5After Step 6
sessionNoneNew session with expiration T+5minSame session, expiration updated to T+5minSession cleared, new session with expiration T+5minSame session, expiration updatedSame session, expiration updatedSession cleared, new session with expiration T+5min
session cookieNoneSet with expiration T+5minUpdated with expiration T+5minReset with new expiration T+5minUpdatedUpdatedReset
Key Moments - 3 Insights
Why does the session get cleared after 6 minutes even though the user had a session cookie?
Because the session lifetime is set to 5 minutes, after 6 minutes the session expiration is passed, so Flask clears the old session and creates a new one (see execution_table row 3).
What happens to the session expiration time when the user sends a request before the session expires?
The expiration time is updated to extend the session lifetime by another 5 minutes from the current request time (see execution_table rows 2, 4, and 5).
Does Flask keep the session forever if the user keeps sending requests?
No, Flask keeps extending the session expiration on each request within the lifetime, but if the user stops sending requests and the expiration time passes, the session is cleared (see execution_table rows 2 and 6).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the session state at Step 3?
ASession kept with updated expiration
BSession cleared and new session created with new expiration
CSession expired but not cleared
DNo session exists
💡 Hint
Check the 'Session State' column at Step 3 in the execution_table.
At which step does the session expiration cause the session to be cleared?
AStep 5
BStep 2
CStep 3
DStep 4
💡 Hint
Look for 'Session Expired?' column with 'Yes' and 'Session State' showing clearing in execution_table.
If the session lifetime was changed to 10 minutes, how would Step 3 change?
ASession would not be expired and kept with updated expiration
BSession would be cleared earlier
CSession would still be cleared at Step 3
DSession would never expire
💡 Hint
Refer to the 'Session Expired?' logic in execution_table and how expiration time affects session clearing.
Concept Snapshot
Flask session lifetime controls how long a session lasts.
Set with app.permanent_session_lifetime (e.g., 5 minutes).
Each request updates expiration if session active.
Expired sessions are cleared and new ones created.
Session cookie holds expiration info for browser.
Keep sessions short for security and freshness.
Full Transcript
In Flask, session lifetime means how long a user's session data stays valid. When a user sends a request, Flask checks if a session cookie exists. If not, it creates a new session and sets an expiration time, for example 5 minutes from now. If the session exists, Flask checks if it expired. If expired, Flask clears the old session and creates a new one. If not expired, Flask updates the expiration time to extend the session. This process repeats on every request. The session cookie sent to the browser holds the expiration info so the browser knows when the session ends. If the user stops sending requests and the expiration time passes, the session is cleared. This helps keep sessions secure and fresh. The example code sets the session lifetime to 5 minutes using app.permanent_session_lifetime. This means sessions last 5 minutes after the last user activity.