Authentication in Backend

Does Flask Generate a Session If No Session Data Is Set?

Shubham Agrawal's photo
Shubham Agrawal
·

4 min read

In this article, I will answer this question with the help of python (flask) code.

No, Flask does not generate a session unless you explicitly store something in the session.

How Flask Handles Sessions

  1. When a request is made on a web app, Flask does not create a session automatically.

  2. A session is only generated when you store data in session.

  3. If no session data is set, Flask does not create a session cookie, meaning no session is generated.

To demonstrate this, let’s create a simple web app. Our app will look like:-

Flow of the app will be:-

  • When you visit / or /home, you will land at the home page.

  • When you visit /about, you will land at the about page.

  • When you visit /contact, you will land at the contact page.

  • When you visit /products, you will arrive at the products page.

  • When you click on the Sign In button, a sign-in form will open.

Now open VS Code and set up the folders and files as shown below:-

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Web App</title>
    <style>
        .navbar {
            display: flex;
            align-items: baseline;
            column-gap: 15px;
            background-color: antiquewhite;
        }

        h2 {
            margin: 0;
        }

        a {
            text-decoration: none;
        }
    </style>
</head>
<body>
    <div class="navbar">
        <h2>MyApp</h2>
        <a href="{{ url_for('home') }}">Home</a>
        <a href="{{ url_for('about') }}">About</a>
        <a href="{{ url_for('contact') }}">Contact</a>
        <a href="{{ url_for('products') }}">Products</a>
        <a href="{{ url_for('login') }}"><button>Sign In</button></a>
    </div>
    <hr>

    {% block content %}
    {% endblock %}

</body>
</html>

home.html

{% extends "index.html" %}

{% block content %}
<main>
    <h3>You are at the home page!!</h3>
</main>
{% endblock %}

about.html

{% extends "index.html" %}

{% block content %}
<main>
    <h3>You are at the About page!!</h3>
</main>
{% endblock %}

contact.html

{% extends "index.html" %}

{% block content %}
<main>
    <h3>You are at the Contact page!!</h3>
</main>
{% endblock %}

products.html

{% extends "index.html" %}

{% block content %}
<main>
    <h3>Below are the products that we offer.</h3>
    <ul>
        <li>Sofas</li>
        <li>Chairs</li>
        <li>Tables</li>
        <li>Swings</li>
    </ul>
</main>
{% endblock %}

login.html

{% extends "index.html" %}

{% block content %}
<main>
    <h3>Please fill the below form to sign-in!!</h3>
    <form action="{{ url_for('login') }}" method="post">
        <div>
            <label for="username">Username</label>
            <input type="text" id="username" name="username">
        </div>
        <div>
            <label for="password">Password</label>
            <input type="password" id="password">
        </div>
        <div>
            <button type="submit">Submit</button>
        </div>
    </form>
</main>
{% endblock %}

Let’s check whether a session is generated when no session data is stored.

app.py

from flask import Flask, session, request, render_template

app = Flask(__name__)
app.config["SECRET_KEY"] = "supersecretkey"  # Required for session security

@app.route('/')
@app.route('/home')
def home():
    print("===============", session)
    return render_template('home.html')


@app.route('/about')
def about():
    return render_template('about.html')


@app.route('/contact')
def contact():
    return render_template('contact.html')


@app.route('/products')
def products():
    return render_template('products.html')


@app.route('/login')
def login():
    return render_template('login.html')



if __name__ == '__main__':
    app.run(debug=True)

Now open the flask server and visit the web app by clicking the link http://127.0.0.1:5000/. You will arrive at the home page.

Here, we will find that no session has been created by the server. Here’s how you can confirm the same.

Upon checking the console, it is confirmed that we have not stored any session data.

Open the Cookies section under the "Application" tab in the developer tools. You will not find any cookie having ‘session‘ as its key.

Now, let’s store something in the session when the user visits the web app for the very first time and check again.

app.py

from flask import Flask, session, request, render_template

app = Flask(__name__)
app.config["SECRET_KEY"] = "supersecretkey"  # Required for session security

@app.route('/')
@app.route('/home')
def home():
    # set session data as soon as a user visits the web app
    session['username'] = 'shubham'
    print("===============", session)
    return render_template('home.html')


@app.route('/about')
def about():
    return render_template('about.html')


@app.route('/contact')
def contact():
    return render_template('contact.html')


@app.route('/products')
def products():
    return render_template('products.html')


@app.route('/login')
def login():
    return render_template('login.html')



if __name__ == '__main__':
    app.run(debug=True)

Upon checking the console, it is confirmed that we have stored session data.

Open the Cookies section under the "Application" tab in the developer tools. You will find session ID.

Thank you for your time! 😊

Connect with me:- LinkedIn

Flask FrameworkPython 3Backend DevelopmentWeb Session