
Session security in Flask - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of session security in Flask?
Session security helps protect user data stored in sessions from being stolen or tampered with during a web session.
beginner
How does Flask protect session data by default?
Flask signs session cookies with a secret key to prevent tampering, ensuring the data cannot be changed by the client.
beginner
Why should you set the 'SECRET_KEY' in a Flask app?
The 'SECRET_KEY' is used to sign session cookies. Without it, Flask cannot secure session data, making it vulnerable to attacks.
intermediate
What is the role of 'secure' and 'httponly' flags in Flask session cookies?
'secure' ensures cookies are sent only over HTTPS, and 'httponly' prevents JavaScript from accessing cookies, reducing risk of theft.
intermediate
How can you prevent session fixation attacks in Flask?
Regenerate the session ID after login by clearing the session or using Flask extensions to assign a new session cookie.
What does Flask use to protect session cookies from tampering?
A. No protection by default
B. Encryption of cookies by default
C. Storing sessions only on the server
D. A secret key to sign cookies
Which flag should be set to ensure cookies are sent only over HTTPS?
A. samesite
B. httponly
C. secure
D. domain
What is the risk if 'httponly' flag is not set on session cookies?
A. Cookies can be read by JavaScript, increasing risk of theft
B. Cookies will not be sent to the server
C. Cookies will expire immediately
D. Cookies will be encrypted
How can you improve session security after a user logs in?
A. Keep the same session ID
B. Regenerate the session ID
C. Disable cookies
D. Store session data in local storage
What must you set in your Flask app to enable session signing?
A. SECRET_KEY
B. SESSION_COOKIE_NAME
C. DEBUG
D. SESSION_TYPE
Explain how Flask secures session data and what settings you should configure to enhance session security.
Think about cookie protection and session management best practices.
Describe common session security risks in web apps and how Flask helps mitigate them.
Consider what attackers try to do with sessions and how Flask defends.