What is Why sessions manage user state in Flask?

Flaskframework~5 mins

Why sessions manage user state in Flask

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Introduction

Sessions help keep track of who a user is while they use a website. This way, the site remembers the user's info without asking again and again.

When a user logs into a website and you want to keep them logged in as they move between pages.

When you want to save items a user adds to a shopping cart before they check out.

When you need to remember user preferences like language or theme during their visit.

When you want to protect pages so only logged-in users can see them.

When you want to store temporary data that should disappear after the user leaves the site.

Syntax

Flask

from flask import Flask, session

app = Flask(__name__)
app.secret_key = 'your_secret_key'

@app.route('/')
def index():
    session['username'] = 'Alice'
    return 'User saved in session'

@app.route('/profile')
def profile():
    user = session.get('username', 'Guest')
    return f'Hello, {user}!'

You must set secret_key to keep sessions secure.

Use session like a dictionary to store and get user data.

Examples

Save a list of items in the session to remember a shopping cart.

Flask

session['cart'] = ['apple', 'banana']

Get the username from the session or use 'Guest' if not set.

Flask

user = session.get('username', 'Guest')

Remove the username from the session, useful for logout.

Flask

session.pop('username', None)

Sample Program

This simple Flask app lets a user log in by typing a username. The username is saved in the session. The profile page greets the user by name if logged in. The logout page clears the session.

Flask

from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'supersecretkey'

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        session['username'] = username
        return redirect(url_for('profile'))
    return '''
        <form method="post">
            Username: <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Hello, {session['username']}! Welcome back."
    return 'You are not logged in.'

@app.route('/logout')
def logout():
    session.pop('username', None)
    return 'You have been logged out.'

if __name__ == '__main__':
    app.run(debug=True)

OutputSuccess

Important Notes

Sessions store data in signed cookies on the client side.

Never store sensitive info like passwords directly in sessions.

Sessions expire after some time or when the user logs out.

Summary

Sessions keep user info while they browse a site.

They help websites remember who you are without asking repeatedly.

Flask sessions work like a dictionary to save and get user data safely.