[Solved] You want to secure a Flask route so only logged-in users can acce... Which approach correctly combines Flask tools to achieve this?@app.route('/settings') def settings(): # What should be added here? | Flask

Flask - Security Best Practices

You want to secure a Flask route so only logged-in users can access it. Which approach correctly combines Flask tools to achieve this?

@app.route('/settings')
def settings():
    # What should be added here?
    return 'User settings page'

ARedirect to homepage without checking session

BAlways return the page without checks

CCheck if 'user' in session; if not, abort(401); else return page

DUse print() to log user info but no access control

Step-by-Step Solution

Solution:

Step 1: Understand access control with Flask session
To secure a route, check if the user is logged in by verifying if 'user' exists in the session.
Step 2: Use abort(401) to block unauthorized users
If the user is not logged in, call abort(401) to stop access and send an error.
Step 3: Return the page only if user is authenticated
Only after passing the check should the page content be returned.
Final Answer:
Check if 'user' in session; if not, abort(401); else return page -> Option C
Quick Check:
Session check + abort(401) = secure route [OK]

Quick Trick: Check session user, abort if missing, then return page [OK]

Common Mistakes:

MISTAKES

Master "Security Best Practices" in Flask

9 interactive learning modes - each teaches the same concept differently

More Flask Quizzes

You want to secure a Flask route so only logged-in users can access it. Which approach correctly combines Flask tools to achieve this?