Flask framework, ~20 mins

Session security in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
What does Flask's session cookie 'secure' flag do?
In Flask, setting the 'secure' flag on session cookies means:
A. The cookie expires immediately after the browser closes.
B. The cookie is encrypted with a secret key.
C. The cookie is only sent over HTTPS connections.
D. The cookie is accessible only via JavaScript.
💡 Hint
Think about when cookies are sent over the network.
component_behavior
intermediate
What happens if Flask's session cookie has 'httponly' set to false?
Consider this Flask configuration:
app.config['SESSION_COOKIE_HTTPONLY'] = False
What is the effect on session security?
A. JavaScript can access the session cookie, increasing risk of XSS attacks.
B. The session cookie expires immediately.
C. The session cookie is only sent over HTTPS.
D. The session cookie is encrypted automatically.
💡 Hint
Think about what 'httponly' controls.
state_output
advanced
What is the output of this Flask session code snippet?
Given the Flask route below, what will be the value of session.get('count') after three requests?
from flask import Flask, session
app = Flask(__name__)
app.secret_key = 'secret'

@app.route('/')
def index():
    session['count'] = session.get('count', 0) + 1
    return str(session['count'])
A. 1 on first request, 2 on second, 3 on third
B. Always 1 on every request
C. Raises a KeyError on first request
D. 0 on first request, then 1, then 2
💡 Hint
Sessions store data between requests.
📝 Syntax
advanced
Which Flask session configuration line correctly sets the cookie to expire in 1 hour?
Choose the correct way to set Flask session cookie expiration to 3600 seconds.
A. app.config['PERMANENT_SESSION_LIFETIME'] = 3600
B. app.config['SESSION_COOKIE_DURATION'] = 3600
C. app.config['SESSION_COOKIE_EXPIRE'] = 3600
D. app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(seconds=3600)
💡 Hint
Check the type expected for 'PERMANENT_SESSION_LIFETIME'.
🔧 Debug
expert
Why does this Flask app fail to keep session data between requests?
Examine this Flask app snippet:
from flask import Flask, session
app = Flask(__name__)

@app.route('/')
def index():
    session['user'] = 'Alice'
    return 'Set user'

After refreshing the page multiple times, session.get('user') is always None. What is the cause?
A. The session cookie is set to secure but the app runs on HTTP.
B. The app is missing a secret key, so sessions cannot be signed.
C. The session data is cleared explicitly after each request.
D. The route does not return the session data.
💡 Hint
Flask sessions require a secret key to work properly.