
Flask session not persistent across requests in Flask app with Gunicorn on Heroku

I'm running a Flask application with Gunicorn as a web server. The whole project is deployed to Heroku.

Procfile

web: gunicorn app:app --log-file=-

Flask sessions are implemented server side; only a session id is stored in the flask.session object. Whenever I try to log in, I get logged in correctly at first, but then get redirected to the starting site (which should be the user site).

LoginController.py

def login(form):
    User.session.set(User.getByLogin(form))
    if User.session.exists():
        return redirect(Urls.home)
    return redirect(Urls.login)

The log shows that User.session.exists() returns True but in the next method (during the redirect)...

HomeController.py

def view():
    if User.session.exists():
        return CourseController.view()
    return render_template("home.html")

...the same method returns False.

User.session object

def exists(self):
    key = session.get("user_key")
    user = self.users.get(key)
    Log.debug("session::exists", user=user)
    return user is not None

In all following requests the user is randomly logged in or not.

What can be the reason for this? I heard that a too large session object can result in data loss, but I'm only storing integers in it.

Looks like there were two problems:

  • The app.secret_key shouldn't be set to os.urandom(24) because every worker will have another secret key
  • For some reason the dict I stored my sessions in was sometimes empty and sometimes not... Still haven't found the reason for this though

Storing the sessions in a database instead of a dictionary at runtime solves the problem.
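The two problems named in the answer above can be reproduced without Flask or Gunicorn. The following is an added example, not code from the original post: Worker, sign, unsign, simulate, per_worker_key and shared_db are hypothetical names, the HMAC cookie is a simplified stand-in for a signed session cookie rather than Flask's real format, and it assumes each worker evaluates os.urandom(24) on its own, as the answer describes.

```python
import hashlib
import hmac
import os
import sqlite3

def sign(key, value):
    """Simplified stand-in for a signed session cookie: 'value.mac'."""
    return value + "." + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def unsign(key, cookie):
    """Return the value if the MAC verifies under key, else None."""
    value = cookie.rpartition(".")[0]
    good = hmac.compare_digest(sign(key, value), cookie)
    return value if good else None

class Worker:
    """Models one Gunicorn worker process: own secret key, own memory."""
    def __init__(self, secret_key, db=None):
        self.secret_key = secret_key
        self.users = {}  # per-process dict, invisible to other workers
        self.db = db     # optional shared store (stand-in for a database)
    def login(self, user_key):
        if self.db is None:
            self.users[user_key] = True
        else:
            self.db.execute("INSERT OR REPLACE INTO sessions VALUES (?)", (user_key,))
        return sign(self.secret_key, user_key)
    def exists(self, cookie):
        user_key = unsign(self.secret_key, cookie)
        if user_key is None:
            return False  # cookie was signed under another worker's key
        if self.db is None:
            return user_key in self.users
        q = "SELECT 1 FROM sessions WHERE user_key = ?"
        return self.db.execute(q, (user_key,)).fetchone() is not None

def per_worker_key():
    """What app.secret_key = os.urandom(24) yields in each worker."""
    return os.urandom(24)

def shared_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (user_key TEXT PRIMARY KEY)")
    return db

def simulate(keys, db=None):
    """Log in on worker 0, then ask every worker whether the session exists."""
    workers = [Worker(k, db) for k in keys]
    cookie = workers[0].login("42")
    return [w.exists(cookie) for w in workers]
```

With two per-worker keys, simulate returns [True, False]; with one shared key but per-process dicts it still returns [True, False]; only a shared key together with the shared store gives [True, True]. In a deployment the shared key would be provisioned once outside the code (for instance through an environment variable) rather than generated at import time.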

I had a similar issue, but for me the answer was related to the cookies. A new session was being created when I opened my development environment, then another one when going to google, and a new one after a successful log in.

The problem was that my SESSION_COOKIE_DOMAIN was incorrect, and the cookie domain was being set to a different host. For my local development purposes I set SESSION_COOKIE_DOMAIN = '127.0.0.1', and use http://127.0.0.1 : to access it, and it works OK now.

I had the same issue: locally everything worked, but on the server nothing did.

I found out that when I changed 'app.secret_key' from "my_secret_key" to os.urandom(24), one of my test users was always in the session, while the other was never set in the session. After reading several pages I tried adding a name to the cookie:

app.config['SECRET_KEY'] = os.urandom(24)
# this is important or it won't work
app.config['SESSION_COOKIE_NAME'] = "my_session"

Now it works as expected and I can log in, go to other webpages, and logging out removes the keys from the session.
