A session with each client is assigned a Session ID. The Session data is stored on top of cookies and the server signs them cryptographically. For this encryption, a Flask application needs a defined SECRET_KEY.
The following code is a simple demonstration of session works in Flask.
from flask import Flask, session, redirect, url_for, escape, request app = Flask(__name__) app.secret_key = 'cairocoders-ednalan0711' @app.route('/') def index(): if 'username' in session: username = session['username'] return 'Logged in as ' + username + '<br>' + \ "<b><a href = '/logout'>click here to log out</a></b>" return "You are not logged in <br><a href = '/login'></b>" + \ "click here to log in</b></a>" @app.route('/login', methods = ['GET', 'POST']) def login(): if request.method == 'POST': session['username'] = request.form['username'] return redirect(url_for('index')) return "<form action = '' method = 'post'> " + \ "<p><input type = text name = username></p> " + \ "<p><input type = submit value = Login></p> " + \ "</form>" @app.route('/logout') def logout(): # remove the username from the session if it is there session.pop('username', None) return redirect(url_for('index')) if __name__ == '__main__': app.run(debug = True)