Concept Flow - Flask-Login extension

User sends request

↓

Flask-Login checks session

↓

Is user authenticated?

No→Redirect to login page

Yes↓

Allow access to protected page

↓

User logs in

↓

User session created

↓

User logs out

↓

User session cleared

This flow shows how Flask-Login manages user sessions by checking authentication on requests, allowing access or redirecting, and handling login/logout.

Execution Sample

Flask

from flask_login import LoginManager, login_user, logout_user, login_required

login_manager = LoginManager()

@login_manager.user_loader
def load_user(user_id):
    return User.get(user_id)

This code sets up Flask-Login, defines how to load a user from an ID, and prepares login/logout functions.

Execution Table

Step	Action	Input	Check/Process	Result/Output
1	User sends request to protected page	Request with session cookie	Check if session has authenticated user	User not authenticated
2	Redirect to login page	No user session	Send redirect response	User sees login form
3	User submits login form	Username and password	Verify credentials	Credentials valid
4	Call login_user(user)	User object	Create user session	Session cookie set
5	User sends request to protected page	Request with session cookie	Check session user	User authenticated
6	Allow access to protected page	Authenticated user	Grant access	Page content shown
7	User clicks logout	Logout request	Call logout_user()	Session cleared
8	User sends request to protected page	Request without session	Check session	User not authenticated
9	Redirect to login page	No user session	Send redirect response	User sees login form

💡 Execution stops when user is either authenticated and allowed access or redirected to login if not authenticated.

Variable Tracker

Variable	Start	After Step 3	After Step 4	After Step 7	Final
user_authenticated	False	False	True	False	False
session_cookie	None	None	Set	Cleared	None
current_user	Anonymous	Anonymous	User object	Anonymous	Anonymous

Key Moments - 3 Insights

Why does the user get redirected to the login page even after submitting the login form?

What happens to the session when logout_user() is called?

How does Flask-Login know which user is logged in on each request?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table at step 4: what happens when login_user(user) is called?

AThe user credentials are verified

BThe user is redirected to the login page

CA user session is created and a session cookie is set

DThe session cookie is cleared

Concept Snapshot

Flask-Login manages user sessions in Flask apps.
Use login_user(user) to log in and create a session.
Use logout_user() to clear the session.
Protect routes with @login_required.
Define user_loader to load user by ID.
Redirects unauthenticated users to login page.

Full Transcript

Flask-Login is a tool that helps Flask apps manage user login sessions. When a user sends a request, Flask-Login checks if the user is logged in by looking at the session cookie. If not logged in, it redirects the user to the login page. When the user submits the login form with correct credentials, login_user(user) is called to create a session and set a cookie. Then the user can access protected pages. When the user logs out, logout_user() clears the session cookie and the user is no longer authenticated. Flask-Login uses a user_loader function to find the user object from the stored user ID in the session. This flow ensures only logged-in users can access certain pages, and others are redirected to login.