The Project | About Us | Contribute | Donations | License
HOME My courses Completed
◄ Previous

User Session Management

Next ►

In this section, we will explore how to manage user sessions in a Flask application. User session management is crucial for maintaining user state across different requests, enabling features like user authentication, personalized content, and more.

Key Concepts

  1. Sessions: A session is a way to store information (in variables) to be used across multiple pages. Flask provides a session object, which allows you to store information specific to a user from one request to the next.
  2. Cookies: Sessions are typically implemented using cookies. A cookie is a small piece of data stored on the client-side and sent to the server with each request.
  3. Flask-Login: A popular extension for managing user sessions in Flask applications. It provides user session management, including login, logout, and session protection.

Setting Up Flask-Login

First, let's install Flask-Login:

pip install flask-login

Basic Setup

Step 1: Initialize Flask-Login

In your Flask application, initialize Flask-Login:

from flask import Flask
from flask_login import LoginManager

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Required for session management

login_manager = LoginManager()
login_manager.init_app(app)

Step 2: Create a User Model

Flask-Login requires a user model with certain properties and methods. Here is a simple example:

from flask_login import UserMixin

class User(UserMixin):
    def __init__(self, id, username, password):
        self.id = id
        self.username = username
        self.password = password

# Example user data
users = {
    'user1': User(id=1, username='user1', password='password1'),
    'user2': User(id=2, username='user2', password='password2')
}

Step 3: User Loader

Flask-Login needs a way to load a user from the session. Implement the user_loader callback:

@login_manager.user_loader
def load_user(user_id):
    return users.get(user_id)

Step 4: Login and Logout Views

Create views for logging in and logging out users:

from flask import request, redirect, url_for, render_template
from flask_login import login_user, logout_user, login_required, current_user

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        user = next((u for u in users.values() if u.username == username and u.password == password), None)
        if user:
            login_user(user)
            return redirect(url_for('dashboard'))
        else:
            return 'Invalid credentials', 401
    return render_template('login.html')

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('login'))

@app.route('/dashboard')
@login_required
def dashboard():
    return f'Hello, {current_user.username}!'

Step 5: Protecting Routes

Use the @login_required decorator to protect routes that require authentication:

@app.route('/protected')
@login_required
def protected():
    return 'This is a protected route.'

Practical Example

Here is a complete example of a simple Flask application with user session management:

from flask import Flask, request, redirect, url_for, render_template
from flask_login import LoginManager, UserMixin, login_user, logout_user, login_required, current_user

app = Flask(__name__)
app.secret_key = 'your_secret_key'

login_manager = LoginManager()
login_manager.init_app(app)

class User(UserMixin):
    def __init__(self, id, username, password):
        self.id = id
        self.username = username
        self.password = password

users = {
    'user1': User(id=1, username='user1', password='password1'),
    'user2': User(id=2, username='user2', password='password2')
}

@login_manager.user_loader
def load_user(user_id):
    return users.get(user_id)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        user = next((u for u in users.values() if u.username == username and u.password == password), None)
        if user:
            login_user(user)
            return redirect(url_for('dashboard'))
        else:
            return 'Invalid credentials', 401
    return render_template('login.html')

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('login'))

@app.route('/dashboard')
@login_required
def dashboard():
    return f'Hello, {current_user.username}!'

@app.route('/protected')
@login_required
def protected():
    return 'This is a protected route.'

if __name__ == '__main__':
    app.run(debug=True)

Exercises

Exercise 1: Implement a Registration View

Create a registration view that allows new users to register. Store the user data in the users dictionary.

Solution:

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if username in [u.username for u in users.values()]:
            return 'Username already exists', 400
        user_id = len(users) + 1
        new_user = User(id=user_id, username=username, password=password)
        users[username] = new_user
        return redirect(url_for('login'))
    return render_template('register.html')

Exercise 2: Add Flash Messages

Add flash messages to provide feedback to users during login, logout, and registration.

Solution:

from flask import flash

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        user = next((u for u in users.values() if u.username == username and u.password == password), None)
        if user:
            login_user(user)
            flash('Logged in successfully.', 'success')
            return redirect(url_for('dashboard'))
        else:
            flash('Invalid credentials', 'danger')
            return redirect(url_for('login'))
    return render_template('login.html')

@app.route('/logout')
@login_required
def logout():
    logout_user()
    flash('Logged out successfully.', 'success')
    return redirect(url_for('login'))

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if username in [u.username for u in users.values()]:
            flash('Username already exists', 'danger')
            return redirect(url_for('register'))
        user_id = len(users) + 1
        new_user = User(id=user_id, username=username, password=password)
        users[username] = new_user
        flash('Registered successfully. Please log in.', 'success')
        return redirect(url_for('login'))
    return render_template('register.html')

Summary

In this section, we covered the basics of user session management in Flask using the Flask-Login extension. We learned how to:

  • Initialize Flask-Login.
  • Create a user model.
  • Implement user login and logout views.
  • Protect routes with the @login_required decorator.

By understanding these concepts, you can manage user sessions effectively in your Flask applications, providing a secure and personalized user experience.

◄ Previous
Next ►
The Project | About Us | Contribute | Donations | License
© Copyright 2024. All rights reserved