Session security keeps user data safe while a user is on a website. It stops other parties from stealing or altering the user's session information.
Session security in Flask
Introduction
When users log in to a website and you want to keep them logged in safely.
When storing sensitive information like user preferences or shopping cart items.
When you want to prevent hackers from hijacking user sessions.
When you need to protect against session fixation or cross-site request forgery (CSRF).
Syntax
Flask
from flask import Flask, session

app = Flask(__name__)
app.secret_key = 'your_secret_key_here'  # Keep this secret and safe

@app.route('/')
def index():
    session['user'] = 'Alice'
    return 'Session set for user Alice'

@app.route('/get')
def get_session():
    user = session.get('user', 'Guest')
    return f'Hello, {user}!'
app.secret_key is needed to sign session cookies securely.
Never share or expose your secret key publicly.
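To show what the secret key actually buys you, here is an added illustration in plain standard-library Python, not code from this page or from Flask itself: a minimal HMAC-signed cookie of the kind Flask's session is built on. Flask's real implementation (itsdangerous) uses a different wire format and adds a timestamp, but the property is the same: the cookie contents stay readable by whoever holds the cookie, only their integrity is protected, and any edit or forgery made without the key fails verification. SECRET_KEY and all function names below are constructed for this demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real app loads its secret from the environment or a
# secrets store, never from source control.
SECRET_KEY = b"demo-secret-key-for-illustration-only"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_session(data: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise the session dict and append an HMAC-SHA256 tag: 'payload.tag'."""
    payload = _b64(json.dumps(data, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"

def load_session(cookie: str, key: bytes = SECRET_KEY):
    """Return the session dict if the tag verifies under `key`, else None.
    Malformed input, a payload edited without the key, or a tag made with
    another key all fail here; this is what Flask relies on app.secret_key for."""
    try:
        payload, tag = cookie.rsplit(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # compare_digest is constant-time, so timing does not leak tag bytes
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        return None

def peek_session(cookie: str) -> dict:
    """Decode the payload WITHOUT checking the tag: anyone holding the cookie can
    read it, so a signed (not encrypted) session must never hold secrets."""
    return json.loads(_unb64(cookie.rsplit(".", 1)[0]))

def edited_without_key(cookie: str, data: dict) -> str:
    """Swap in a new payload but keep the old tag (test input for load_session)."""
    return f"{_b64(json.dumps(data, sort_keys=True).encode())}.{cookie.rsplit('.', 1)[1]}"

if __name__ == "__main__":
    c = sign_session({"username": "Alice", "cart": ["apple", "banana"]})
    print(load_session(c))  # prints the session dict
    print(load_session(edited_without_key(c, {"username": "admin"})))  # None
```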
Examples
Set a strong secret key to protect session data.
Flask
app.secret_key = 'a_very_secret_key_12345'
Store a list of items in the session for a shopping cart.
Flask
session['cart'] = ['apple', 'banana']
Retrieve a session value safely with a default fallback.
Flask
user = session.get('user', 'Guest')
Sample Program
This Flask app lets users log in by posting a username. It stores the username in the session securely. The profile page shows the username if logged in. Logout clears the session.
Flask
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'supersecretkey123'  # Keep this secret and safe

# GET is allowed so the redirect from /profile does not answer 405 Method Not Allowed
@app.route('/login', methods=['GET', 'POST'])
def login():
    username = request.form.get('username')
    if username:
        session['username'] = username
        return f'Logged in as {username}'
    return 'Please provide a username', 400

@app.route('/profile')
def profile():
    if 'username' in session:
        return f'Welcome to your profile, {session["username"]}!'
    return redirect(url_for('login'))

@app.route('/logout')
def logout():
    session.pop('username', None)
    return 'You have been logged out.'

if __name__ == '__main__':
    app.run(debug=True)  # debug mode is for local development only
Important Notes
Always use HTTPS to protect session cookies from being intercepted.
Set SESSION_COOKIE_SECURE = True in Flask config to send cookies only over HTTPS.
Set session.permanent = True and configure PERMANENT_SESSION_LIFETIME to control how long a session stays valid.
Summary
Session security keeps user data safe during website visits.
Use a strong secret key to sign session cookies.
Protect sessions with HTTPS and proper cookie settings.