Now that we have our old functionality back using our new Flask server, we can start to add some new features such as logging users in and out, creating new users , and allowing only logged in users to send messages. All of these depend heavily on web sessions.
Web sessions allow us to keep track of users between different requests via cookies. In these cookies, we store information that can be passed on from one request to the next. For example, we could store whether a user is authenticated, what their email address is, and so on. The cookies are signed cryptographically using a secret key, which we will need to define before we can use Flask's Sessions. In config.yaml
, add the following:
FLASK_SECRET_KEY: 'my-super-secret-flask-key'
Feel free to set your own secret key, this is just an example. In a production-like environment, this would have to be kept safe and secure, otherwise a user could forge their own session cookies.
We will now need to tell our app
to use this secret...