Skip to content

A drop-in replacement for Flask's session handling using server-side sessions.

License

Notifications You must be signed in to change notification settings

rolepoint/flask-kvsession

 
 

Repository files navigation

Flask-KVSession is a drop-in replacement for Flask's signed cookie-based session management. Instead of storing data on the client, only a securely generated ID is stored on the client, while the actual session data resides on the server.

This has two major advantages:

  • Clients no longer see the session information
  • It is possible to securely destroy sessions. Even if the session cookie is stolen, it is no longer possible to use the session.

Other things are possible with server side session that are impossible with clients side sessions, like inspecting and manipulating data in absence of the client. The drawback is that sessions need to be stored. Flask-KVSession uses the simplekv-package for storing session data on a variety of backends.

Integration with Flask is seamless, once the extension is loaded for a Flask application, it transparently replaces (or rather, extends) Flask's own Session class for this instance. Any application working with sessions should work the same with Flask-KVSession.

Documentation

Flask-KVSessions includes good unit test coverage. See also:

License

Flask-KVSession is MIT-licensed.

About

A drop-in replacement for Flask's session handling using server-side sessions.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%