Flask Tutorial #5 - Sessions
# Understanding Web Development Sessions: A Comprehensive Guide
## Introduction to Sessions in Web Development
Welcome back to our series on web development! In today's video, we will delve into the concept of **sessions**. If you're new to web development, you might be wondering what sessions are and why they are essential. Let’s explore this together.
Sessions are a fundamental aspect of web development that allow us to store temporary information about users while they interact with your website. This is particularly useful when dealing with user authentication, such as login pages or profile management.
In the previous video, we demonstrated a basic example where logging in redirects you to a page displaying your username. However, there was a flaw: every time you wanted to view the username, you had to log in again. That’s where sessions come into play—they allow us to store user information temporarily on the server, making it accessible across multiple pages without repeatedly asking for login credentials.
## How Sessions Work
Think of a session as a temporary storage area on the web server. When a user logs in, we create a new session and store their details (like their username) in this storage area. While the user is browsing your website, any page they visit can access this session data. Once the user leaves the website or logs out, the session data is deleted.
For instance, consider platforms like Instagram or Facebook. When you log in, a new session is created to store your username and other relevant information. As you navigate between different pages (e.g., profile, feed, settings), each page accesses the same session data to provide a personalized experience. Once you log out, this data is cleared, ensuring security.
## Implementing Sessions in Your Web Application
To implement sessions in your web application using Flask, follow these steps:
1. **Import Session**: Start by importing the `session` module.
2. **Set Up Session Data**: When a user logs in, store their information in the session. For example:
```python
session['user'] = username
```
3. **Access Session Data**: On other pages, retrieve the stored data. Always check if the session exists before accessing it to avoid errors.
```python
if 'user' in session:
user = session['user']
else:
return redirect('/login')
```
## Example: Login and Redirection
Let’s walk through an example. When a user submits their login credentials, we store their username in the session:
```python
@app.route('/login', methods=['POST'])
def login():
# Assume username is validated and stored securely
session['user'] = username
return redirect('/user')
```
On the `/user` page:
```python
@app.route('/user')
def user_page():
if 'user' in session:
user = session['user']
return f"Welcome, {user}!"
else:
return redirect('/login')
```
This setup avoids passing the username through URLs, enhancing security and simplifying your code.
## Handling Logout
To log out a user, you need to remove their session data. This can be done using `session.pop()` or by invalidating the session:
```python
@app.route('/logout')
def logout():
# Remove 'user' from session
session.pop('user', None)
return redirect('/login')
```
## Permanent Sessions
If you want to keep users logged in for an extended period (e.g., "Remember Me" functionality), you can set up **permanent sessions**. Here’s how:
1. Import `timedelta` from the `datetime` module.
2. Set the session lifetime:
```python
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=5)
```
3. Make a session permanent upon login:
```python
session.permanent = True
```
## Conclusion
Sessions are an essential tool for managing user interactions in web development. They allow you to store temporary data securely on the server, making it accessible across multiple pages without repeatedly requesting user input. By understanding and implementing sessions effectively, you can create more dynamic and user-friendly websites.
In our next video, we’ll explore even more advanced topics related to session management and security. Stay tuned!
If you found this guide helpful, don’t forget to like, subscribe, and share with your fellow web development enthusiasts. Until next time—happy coding!
"WEBVTTKind: captionsLanguage: enhello everyone and welcome back to their flats tutorial so in today's video what I'm gonna be doing is talking about sessions now to try to explain you guys what sessions are I'm gonna give you an example of what we did in the previous video and talk about a way in which we could do this better so essentially we had this login page and once we logged in we get got the users name and then we redirected them to a page that showed them their name just pretty much pop that up on the screen now this is great that's fine but every time that we want to see the users name we need to log in again and again and again and if we ever want to keep seeing the user's name we need to continue to log in now what if we want to direct to another page and that page wants the users name as well well that means we have to set up a way to pass to that page the users name we got to use a parameter we have to set up this link it's just really not the best way to do things and sometimes you know you don't want to redirect to a page it says slash Tim or slash Jo or slash bill so what we're gonna do to actually pass around information through our you know back-end here and through our different web pages is use something called sessions now sessions are great because they're temporary they're stored on the web server and they're just simply there for quick access of information between all the different pages of your website think of a session as something that you're gonna load in your going to use while the user is on your website so while they're browsing on the website and then as soon as they leave it's gonna disappear so essentially if we're doing an example let's say you know of Instagram or Facebook when someone logs in there's gonna be a new session created it's gonna store their username probably some other information as well about what they're doing on the website at the current time and then as they can go between different pages those pages can access that session data so it can say okay so I moved to you know my profile page this is the profile of Tim I know that because I stored that in a session so let's show all this different information that I have stored in the session as well or whatever it is right and then as soon as that usually leaves the web page or logs out of the web page all of that session data is erased it disappears and the next time they log in that session data will be reloaded into the session where it can be used for the rest of the pages now this is very useful I'm gonna show you guys kind of how this works it should start to make a bit more sense but that is kind of the basics of sessions just for my they're temporary they're stored on the server they're actually not stored on the client side and they're kind of designed for just quick access of information and a way to pass stuff around our server okay so what I want to do essentially is I want to do an example where the user logs in we create a session for them that stores the name and then we can redirect to another page that doesn't have this you know slash user so I'm actually just gonna get rid of this and make this slash user here we don't have any parameters here and we can still access that person's name and display that on the screen so let's start with that what we need to do is actually start by importing session here I'm going to show you how easy this is to actually do so what we can do is inside a request stop post so when the user presses login or submit or whatever on that login page what we're going to do is set up some session data based on whatever information they typed in so I'm going to say session and in this case user equals user and this is actually as easy as it is to set up some data for our session so this session stores data as a dictionary just like we've seen this requests top form working so if I want to create a new you know piece of information information in my session what I can do is simply type session the name of whatever I want that dictionary key to be and then set it equal to some specific value in this case this is the user that click Submit and you know submitted their name to this form so that's it that's literally how we store information in the session now how do we get that information so what I want to do is I'm going to change this redirect here to redirect to user but I'm not gonna pass the user as an argument I'm actually just gonna redirect that I'm not gonna pass any information and from this user function I'm gonna get the session information now the way that I do this is I first check if there's any information in the session so I want to make sure that before I reference that dictionary key that we've actually you know logged in because technically someone could just type slash user and access this page without being logged in right so what I'm gonna do is say if user which is the name of that session key right in session then what I'll do is return an F string and I'm actually going to get this user so I set user equals session user and we know this is valid because we just checked if user was in session and then I'll simply display the user like that and put this inside the brackets so it shows up so that is as easy as it is to store and retrieve session data just remember all you do is literally make a dictionary key put it aside session I've imported session up here set it equal to a value and then you can access it after you've checked if it exists now what I'm gonna do if this session does not exist so if there's no user in my session that means that I haven't logged in yet or I've left the browser and I need to log in again so what I'm gonna do is actually redirect back to the login page and say hey you need to login or whatever it is so I'm just gonna say return redirect URL for in this case login and then since we have a get method when we're returning over here we will return this render template for login dot HTML they can hit submit and they can redirect back to the user page so let's start with that and then we'll get into some other more complicated things so to run this I'm just gonna go python tutorial v dot pi okay so let's go copy this link here and we'll head to the slash login page and see what we get okay so this is our home page so sorry slash login name let's try Tim if I hit submit and if I hit submit we get an error because I just remember that I need to add something to my file here so essentially all of this session data that we store is actually encrypted on the server and that means we actually need to define something called a secret key which will be the way that we decrypt and encrypt this data so to do that I'm gonna type at the beginning of my program app dot secret key equals and then you can literally just type any string in here that you want I mean it would be wise to make this something somewhat complicated but I'm just gonna make mine hello as my secret key but we do just need to set a secret key I completely forgot that that was actually a necessary step in doing this okay so let me refresh this page now and see what we get actually I got to go back to slash login so let's go to slash login this hopefully should be good now I'm gonna type Tim hit submit and then you can see we're redirected to a page that says Tim and notice again right that I don't pass any information to here about the user we're getting it this session variable so let's go back and let's do something else now so if I close this browser and I open it back up and I go to whatever that link is and then I go to slash user you'll see that it redirects me back to logging well why does it do that because when I close the web browser my session data is actually deleted from the server which means that if I want to go back to the user page I need to create a new session and logging again in this case we'll login with Joe and we see we are redirected to Joe I can go you know to slash home and that will slash home isn't a page but if I go to slash and then I go back to slash user you'll see that it brings me back to Joe because it stored that information in the session so again very useful that is how that works now it's talking about actually clearing a session and logging out so we'll leave that up for now but what I want to do is actually create a login page and show you how you can manually clear session DAP because essentially if someone logs out you probably want to delete all the information associated with their session or at least some of that information so what I'm going to do is set up a new function here so a new page we'll just call this one slash logout like that it's defined logout and all we're gonna do in here is actually remove some data from our session what I'm going to do is say session dot pop and then I'm gonna say user none now what this is gonna do is actually remove the user data from my sessions this is just how you remove it from the dictionary and then this none is just a message that's associated with removing that data I'm not really gonna talk about that because I don't fully understand why we have none here but that's anyways it's not that important so once we log out we will actually return a your redirect to the login page so we'll say URL for in this case login ok awesome now what I want to do is add one more thing to login here we're essentially I check if when we redirect to login here if we're already logged in I just redirect us to the user page otherwise I'm gonna actually redirect us to this login dot HTML form so to do that is pretty easy all I'm gonna say is if user in session which essentially means you know we've signed in then all I need to do is return a redirect to the URL for in this case user and that is as easy as it says so essentially what I've done here is set up a way that we can log in using a session and then we can be redirected to a specific page without sending that information directly to it through a parameter we can display that information we can log out now by popping that session data and then if we go to the login page of our already logged in it's actually going to redirect us to this user page and just show us that information so let's do that now um if I go to slash long out you can see that it redirects us to the login page and now if I were to try to go to back back to slash user we get redirected immediately back to the login page because we're not signed in yet so if we sign in with say Tim there we go we're on the user page and now if I go to slash login you can see it actually just redirects us back to this same page because we're already logged in and then again we can log out brings us the login page and if I go to slash user that's not going to work and that is kind of how we do that now remember that this session dad is actually deleted when I close my browser so I'm gonna show you quickly a way that we can store our session data for longer because what actually happens is this session data is stored in a temporary directory on the server and we can set how long we want that information to be stored for by using something called permanent sessions now what I'm gonna do to set up the permanent session here is define first of all how long I want a permanent session to last so you may have noticed sometimes you know you revisit a website a few days later and you just log in immediately you don't actually have to you know go through the process or maybe your informations already typed in and you just hit login we're gonna some of this information is stored in permanent sessions which means it's storing it for longer than you know however long you're in the web browser so that every time you go back to that web page you can quickly access information that you need and you don't need to log back in so what I'm gonna do is actually just import something here so I'm gonna say from date time import time Delta now the reason I'm doing this is because I want to set up the max time that our session could last for and the way that I do that is app dot and I gotta look up my other screen because I forget what it is permanent session lifetime like that and then it's gonna be equal to time Delta and then you can say days equals and how many days you want this to actually last for let me make sure this is correct so I could say days and I could say five days and if I do this what this means is we're gonna store our permanent session data for five days I can also do something like minutes equals five and if I do that that means we're gonna store our permanent session data for five minutes and then delete it after that now how do we make a session permanent well this is actually pretty easy all we're gonna do is when we log in and we actually have we've got this information we've logged in everything's valid say we've checked this against the database then we can make the session permanent by saying session dot permanent if I could spell this correctly equals true I don't know why that was such a struggle okay so session dot permanent equals true and now this is going to define this specific session as a permanent session which means it's gonna last as long as we've defined up here by default don't do this it sets our session to not permanent so false here and that means it's gonna last for as long as you're actually on the webpage or sorry in your browser so let's see if this is working now believe it is so let's go back to that web page um give it a second here what's our air I guess got a hit enter in the command prompt okay so let's go slash login let's do our name so Tim and then let's actually close this and let's go back to it so paste that in here why is this not working okay and then we'll go to slash login and you can see we are redirected back to this user page because our session data was actually saved permanently so when I actually closed this window it didn't do anything so now let's say logout we've logged out and then obviously now our session data has been removed because we had this session being removed from the logout so that is kind of everything about sessions there's obviously some more stuff that you guys can do with this but this is the basics and just remember sessions are something that you're using temporarily you should never be storing perm data in a session and typically what ends up happening is you'll log in you'll validate some stuff with the database you'll actually grab some information from the database and store that in a session and then whenever you log out you'll remove that information and when you log in again you can load it back in so this is information that you don't really care about but it's just there for quick retrieval and for easy access from different web pages so you don't have to continually read from the database and you also just know some of this information passing between the pages you don't have to send them through you know the URL which is not a secure way to send information so that has been it for this video if you guys enjoyed make sure you leave a like and subscribe and I will see you guys in another onehello everyone and welcome back to their flats tutorial so in today's video what I'm gonna be doing is talking about sessions now to try to explain you guys what sessions are I'm gonna give you an example of what we did in the previous video and talk about a way in which we could do this better so essentially we had this login page and once we logged in we get got the users name and then we redirected them to a page that showed them their name just pretty much pop that up on the screen now this is great that's fine but every time that we want to see the users name we need to log in again and again and again and if we ever want to keep seeing the user's name we need to continue to log in now what if we want to direct to another page and that page wants the users name as well well that means we have to set up a way to pass to that page the users name we got to use a parameter we have to set up this link it's just really not the best way to do things and sometimes you know you don't want to redirect to a page it says slash Tim or slash Jo or slash bill so what we're gonna do to actually pass around information through our you know back-end here and through our different web pages is use something called sessions now sessions are great because they're temporary they're stored on the web server and they're just simply there for quick access of information between all the different pages of your website think of a session as something that you're gonna load in your going to use while the user is on your website so while they're browsing on the website and then as soon as they leave it's gonna disappear so essentially if we're doing an example let's say you know of Instagram or Facebook when someone logs in there's gonna be a new session created it's gonna store their username probably some other information as well about what they're doing on the website at the current time and then as they can go between different pages those pages can access that session data so it can say okay so I moved to you know my profile page this is the profile of Tim I know that because I stored that in a session so let's show all this different information that I have stored in the session as well or whatever it is right and then as soon as that usually leaves the web page or logs out of the web page all of that session data is erased it disappears and the next time they log in that session data will be reloaded into the session where it can be used for the rest of the pages now this is very useful I'm gonna show you guys kind of how this works it should start to make a bit more sense but that is kind of the basics of sessions just for my they're temporary they're stored on the server they're actually not stored on the client side and they're kind of designed for just quick access of information and a way to pass stuff around our server okay so what I want to do essentially is I want to do an example where the user logs in we create a session for them that stores the name and then we can redirect to another page that doesn't have this you know slash user so I'm actually just gonna get rid of this and make this slash user here we don't have any parameters here and we can still access that person's name and display that on the screen so let's start with that what we need to do is actually start by importing session here I'm going to show you how easy this is to actually do so what we can do is inside a request stop post so when the user presses login or submit or whatever on that login page what we're going to do is set up some session data based on whatever information they typed in so I'm going to say session and in this case user equals user and this is actually as easy as it is to set up some data for our session so this session stores data as a dictionary just like we've seen this requests top form working so if I want to create a new you know piece of information information in my session what I can do is simply type session the name of whatever I want that dictionary key to be and then set it equal to some specific value in this case this is the user that click Submit and you know submitted their name to this form so that's it that's literally how we store information in the session now how do we get that information so what I want to do is I'm going to change this redirect here to redirect to user but I'm not gonna pass the user as an argument I'm actually just gonna redirect that I'm not gonna pass any information and from this user function I'm gonna get the session information now the way that I do this is I first check if there's any information in the session so I want to make sure that before I reference that dictionary key that we've actually you know logged in because technically someone could just type slash user and access this page without being logged in right so what I'm gonna do is say if user which is the name of that session key right in session then what I'll do is return an F string and I'm actually going to get this user so I set user equals session user and we know this is valid because we just checked if user was in session and then I'll simply display the user like that and put this inside the brackets so it shows up so that is as easy as it is to store and retrieve session data just remember all you do is literally make a dictionary key put it aside session I've imported session up here set it equal to a value and then you can access it after you've checked if it exists now what I'm gonna do if this session does not exist so if there's no user in my session that means that I haven't logged in yet or I've left the browser and I need to log in again so what I'm gonna do is actually redirect back to the login page and say hey you need to login or whatever it is so I'm just gonna say return redirect URL for in this case login and then since we have a get method when we're returning over here we will return this render template for login dot HTML they can hit submit and they can redirect back to the user page so let's start with that and then we'll get into some other more complicated things so to run this I'm just gonna go python tutorial v dot pi okay so let's go copy this link here and we'll head to the slash login page and see what we get okay so this is our home page so sorry slash login name let's try Tim if I hit submit and if I hit submit we get an error because I just remember that I need to add something to my file here so essentially all of this session data that we store is actually encrypted on the server and that means we actually need to define something called a secret key which will be the way that we decrypt and encrypt this data so to do that I'm gonna type at the beginning of my program app dot secret key equals and then you can literally just type any string in here that you want I mean it would be wise to make this something somewhat complicated but I'm just gonna make mine hello as my secret key but we do just need to set a secret key I completely forgot that that was actually a necessary step in doing this okay so let me refresh this page now and see what we get actually I got to go back to slash login so let's go to slash login this hopefully should be good now I'm gonna type Tim hit submit and then you can see we're redirected to a page that says Tim and notice again right that I don't pass any information to here about the user we're getting it this session variable so let's go back and let's do something else now so if I close this browser and I open it back up and I go to whatever that link is and then I go to slash user you'll see that it redirects me back to logging well why does it do that because when I close the web browser my session data is actually deleted from the server which means that if I want to go back to the user page I need to create a new session and logging again in this case we'll login with Joe and we see we are redirected to Joe I can go you know to slash home and that will slash home isn't a page but if I go to slash and then I go back to slash user you'll see that it brings me back to Joe because it stored that information in the session so again very useful that is how that works now it's talking about actually clearing a session and logging out so we'll leave that up for now but what I want to do is actually create a login page and show you how you can manually clear session DAP because essentially if someone logs out you probably want to delete all the information associated with their session or at least some of that information so what I'm going to do is set up a new function here so a new page we'll just call this one slash logout like that it's defined logout and all we're gonna do in here is actually remove some data from our session what I'm going to do is say session dot pop and then I'm gonna say user none now what this is gonna do is actually remove the user data from my sessions this is just how you remove it from the dictionary and then this none is just a message that's associated with removing that data I'm not really gonna talk about that because I don't fully understand why we have none here but that's anyways it's not that important so once we log out we will actually return a your redirect to the login page so we'll say URL for in this case login ok awesome now what I want to do is add one more thing to login here we're essentially I check if when we redirect to login here if we're already logged in I just redirect us to the user page otherwise I'm gonna actually redirect us to this login dot HTML form so to do that is pretty easy all I'm gonna say is if user in session which essentially means you know we've signed in then all I need to do is return a redirect to the URL for in this case user and that is as easy as it says so essentially what I've done here is set up a way that we can log in using a session and then we can be redirected to a specific page without sending that information directly to it through a parameter we can display that information we can log out now by popping that session data and then if we go to the login page of our already logged in it's actually going to redirect us to this user page and just show us that information so let's do that now um if I go to slash long out you can see that it redirects us to the login page and now if I were to try to go to back back to slash user we get redirected immediately back to the login page because we're not signed in yet so if we sign in with say Tim there we go we're on the user page and now if I go to slash login you can see it actually just redirects us back to this same page because we're already logged in and then again we can log out brings us the login page and if I go to slash user that's not going to work and that is kind of how we do that now remember that this session dad is actually deleted when I close my browser so I'm gonna show you quickly a way that we can store our session data for longer because what actually happens is this session data is stored in a temporary directory on the server and we can set how long we want that information to be stored for by using something called permanent sessions now what I'm gonna do to set up the permanent session here is define first of all how long I want a permanent session to last so you may have noticed sometimes you know you revisit a website a few days later and you just log in immediately you don't actually have to you know go through the process or maybe your informations already typed in and you just hit login we're gonna some of this information is stored in permanent sessions which means it's storing it for longer than you know however long you're in the web browser so that every time you go back to that web page you can quickly access information that you need and you don't need to log back in so what I'm gonna do is actually just import something here so I'm gonna say from date time import time Delta now the reason I'm doing this is because I want to set up the max time that our session could last for and the way that I do that is app dot and I gotta look up my other screen because I forget what it is permanent session lifetime like that and then it's gonna be equal to time Delta and then you can say days equals and how many days you want this to actually last for let me make sure this is correct so I could say days and I could say five days and if I do this what this means is we're gonna store our permanent session data for five days I can also do something like minutes equals five and if I do that that means we're gonna store our permanent session data for five minutes and then delete it after that now how do we make a session permanent well this is actually pretty easy all we're gonna do is when we log in and we actually have we've got this information we've logged in everything's valid say we've checked this against the database then we can make the session permanent by saying session dot permanent if I could spell this correctly equals true I don't know why that was such a struggle okay so session dot permanent equals true and now this is going to define this specific session as a permanent session which means it's gonna last as long as we've defined up here by default don't do this it sets our session to not permanent so false here and that means it's gonna last for as long as you're actually on the webpage or sorry in your browser so let's see if this is working now believe it is so let's go back to that web page um give it a second here what's our air I guess got a hit enter in the command prompt okay so let's go slash login let's do our name so Tim and then let's actually close this and let's go back to it so paste that in here why is this not working okay and then we'll go to slash login and you can see we are redirected back to this user page because our session data was actually saved permanently so when I actually closed this window it didn't do anything so now let's say logout we've logged out and then obviously now our session data has been removed because we had this session being removed from the logout so that is kind of everything about sessions there's obviously some more stuff that you guys can do with this but this is the basics and just remember sessions are something that you're using temporarily you should never be storing perm data in a session and typically what ends up happening is you'll log in you'll validate some stuff with the database you'll actually grab some information from the database and store that in a session and then whenever you log out you'll remove that information and when you log in again you can load it back in so this is information that you don't really care about but it's just there for quick retrieval and for easy access from different web pages so you don't have to continually read from the database and you also just know some of this information passing between the pages you don't have to send them through you know the URL which is not a secure way to send information so that has been it for this video if you guys enjoyed make sure you leave a like and subscribe and I will see you guys in another one\n"