
Why authentication matters in Flask

Introduction

Authentication helps confirm who you are when using a website or app. It keeps your information safe and private.

When users need to log in to access their personal accounts.
When you want to protect sensitive data from strangers.
When you want to track user actions securely.
When you want to offer personalized experiences based on user identity.
Syntax
Flask
from flask import Flask, request, redirect, url_for, session

app = Flask(__name__)
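# Placeholder: Flask signs the session cookie with this key, so use a long random value kept out of source code
app.secret_key = 'your_secret_key'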

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # Check username and password here (placeholder check; real apps verify a stored password hash)
        if username == 'user' and password == 'pass':
            session['user'] = username
            return redirect(url_for('dashboard'))
    return 'Login Page'

@app.route('/dashboard')
def dashboard():
    if 'user' in session:
        return f'Welcome {session["user"]}!'
    return redirect(url_for('login'))

Use session to remember who is logged in.

Always protect routes that need login by checking session data.

Examples
This saves the logged-in user's name in the session to remember them.
Flask
session['user'] = username
This checks if a user is logged in before showing content.
Flask
if 'user' in session:
    return 'User is logged in'
else:
    return 'Please log in'
Sample Program

This Flask app lets a user log in with username and password. If correct, it saves the user in session and shows a dashboard. If not logged in, it redirects to login.

Flask
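import os
import secrets

from flask import Flask, request, redirect, url_for, session

app = Flask(__name__)
# Flask signs the session cookie with this key, so it must be random and secret.
# FLASK_SECRET_KEY is an assumed variable name; the fallback key changes on every restart.
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or secrets.token_hex(32)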

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # Demo credentials only; a real app looks up the user and verifies a password hash
        if username == 'admin' and password == '1234':
            session['user'] = username
            return redirect(url_for('dashboard'))
        return 'Invalid credentials'
    return '''<form method="post">
                  Username: <input name="username"><br>
                  Password: <input name="password" type="password"><br>
                  <input type="submit" value="Login">
              </form>'''

@app.route('/dashboard')
def dashboard():
    if 'user' in session:
        return f'Welcome {session["user"]}! This is your dashboard.'
    return redirect(url_for('login'))

if __name__ == '__main__':
    # debug=True turns on the interactive debugger; use it for local development only
    app.run(debug=True)
Important Notes

Never store passwords as plain text; always hash them in real apps.

Use secret_key to keep session data safe.

Redirect users to login if they try to access protected pages without authentication.
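
The notes above applied to the login flow, as an added example that is not part of the original tutorial: passwords are stored only as salted hashes (using werkzeug.security, which is installed with Flask), and a decorator guards every protected route. The USERS store, its sample password, DUMMY_HASH, the login_required helper and the /logout route are assumptions made for this illustration.

```python
import secrets
from functools import wraps

from flask import Flask, request, redirect, url_for, session
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
app.secret_key = secrets.token_hex(32)  # random per process; load from config in a real deployment

# Constructed demo user store: only the salted hash is kept, never the password itself.
USERS = {'admin': generate_password_hash('correct horse battery staple')}
# Hash checked for unknown usernames so both failure paths do the same amount of work.
DUMMY_HASH = generate_password_hash(secrets.token_hex(16))


def login_required(view):
    """Redirect to the login page unless the session holds a logged-in user."""
    @wraps(view)
    def wrapped(*args, **kwargs):
        if 'user' not in session:
            return redirect(url_for('login'))
        return view(*args, **kwargs)
    return wrapped


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username', '')
        password = request.form.get('password', '')
        stored = USERS.get(username, DUMMY_HASH)
        # check_password_hash re-derives the hash and compares in constant time.
        if check_password_hash(stored, password) and username in USERS:
            session.clear()             # drop any pre-login session contents
            session['user'] = username
            return redirect(url_for('dashboard'))
        return 'Invalid credentials', 401
    return 'Login Page'


@app.route('/dashboard')
@login_required
def dashboard():
    return f'Welcome {session["user"]}!'


@app.route('/logout', methods=['POST'])
@login_required
def logout():
    session.clear()
    return redirect(url_for('login'))
```
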

Summary

Authentication confirms who a user is.

It protects private data and pages.

Flask uses sessions to remember logged-in users.