0
0
Flaskframework~10 mins

Login_required decorator in Flask - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Login_required decorator
User requests protected page
Check if user is logged in
Allow access
Show page
Redirect back to page
This flow shows how the login_required decorator checks if a user is logged in before allowing access to a page, otherwise redirects to login.
Execution Sample
Flask
from flask import Flask, redirect, url_for, session
from functools import wraps

def login_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user' not in session:
            return redirect(url_for('login'))
        return f(*args, **kwargs)
    return decorated_function
This code defines a login_required decorator that redirects users to login if they are not logged in.
Execution Table
StepActionSession StateCondition ('user' in session?)Branch TakenResult
1User requests protected page{}FalseRedirect to loginRedirect to /login
2User visits login page and logs in{'user': 'alice'}N/AN/AUser logged in
3User requests protected page again{'user': 'alice'}TrueAllow accessShow protected page
4User logs out, session cleared{}N/AN/AUser logged out
5User requests protected page after logout{}FalseRedirect to loginRedirect to /login
💡 Execution stops when user is either redirected to login or allowed access based on session state.
Variable Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4After Step 5
session{}{}{'user': 'alice'}{'user': 'alice'}{}{}
condition ('user' in session)FalseFalseTrueTrueFalseFalse
Key Moments - 3 Insights
Why does the user get redirected to login even if they just visited the protected page?
Because the session does not contain 'user' key at that moment (see Step 1 in execution_table), so the condition fails and redirect happens.
What happens if the session has 'user' key?
The condition 'user' in session is True (Step 3), so the decorator allows access and the protected page is shown.
Why do we use @wraps in the decorator?
To preserve the original function's name and docstring, which helps Flask routing and debugging (not shown in execution but important).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the session state at Step 3?
A{}
B{'user': 'bob'}
C{'user': 'alice'}
DNone
💡 Hint
Check the 'Session State' column at Step 3 in the execution_table.
At which step does the condition 'user' in session become True?
AStep 2
BStep 3
CStep 1
DStep 5
💡 Hint
Look at the 'Condition' column in the execution_table to find when it is True.
If the session never had 'user' key, what would happen at Step 5?
AUser is redirected to login
BUser sees the protected page
CAn error occurs
DNothing happens
💡 Hint
Refer to the 'Branch Taken' and 'Result' columns at Step 5 in the execution_table.
Concept Snapshot
login_required decorator:
- Wraps a view function
- Checks if 'user' in session
- If not, redirects to login page
- Otherwise, runs the original function
- Keeps user from accessing pages without login
Full Transcript
The login_required decorator in Flask checks if a user is logged in by looking for a 'user' key in the session. When a user requests a protected page, the decorator runs first. If the user is not logged in (no 'user' in session), it redirects them to the login page. After logging in, the user can access the protected page. If the user logs out, the session clears and access is again blocked until login. This flow ensures only logged-in users see protected content.