I'm running a Flask application with Gunicorn as a web server. The whole project is deployed to Heroku.
Procfile
web: gunicorn app:app --log-file=-
Flask sessions are implemented server side, only a session id is stored in the flask.session object.
Whenever I'm trying to do a login, I get logged in correctly at first, but then get redirected to the starting site (which should be the user site).
LoginController.py
from flask import redirect

def login(form):
    # Store the authenticated user in the server-side session store
    User.session.set(User.getByLogin(form))
    if User.session.exists():
        return redirect(Urls.home)
    return redirect(Urls.login)
The log shows that User.session.exists() returns True but in the next method (during the redirect)...
HomeController.py
from flask import render_template

def view():
    # Runs on the request that follows the login redirect
    if User.session.exists():
        return CourseController.view()
    return render_template("home.html")
...the same method returns False.
User.session object
def exists(self):
    # session is flask.session (holds only the id); self.users is the in-process store
    key = session.get("user_key")
    user = self.users.get(key)
    Log.debug("session::exists", user = user)
    return user is not None
In all following requests the user is randomly logged in or not.
What can be the reason for this? I heard that too large a session object can result in data loss, but I'm only storing integers in it.
Looks like there were two problems:
- app.secret_key shouldn't be set to os.urandom(24), because every worker will have another secret key.
- Storing the sessions in a database instead of a dictionary at runtime solves the problem.
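The two problems named in the answer, modelled with the standard library only as an added example (not code from the question or the answer). The HMAC cookie is a simplified stand-in for Flask's signed session cookie, a shared dict stands in for the database, and `Worker`, `simulate` and the sample user are hypothetical names.

```python
import hashlib
import hmac
import os

def sign(secret: bytes, value: str) -> str:
    """Return 'value.mac', a simplified signed-cookie format (assumption)."""
    mac = hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"

def unsign(secret: bytes, cookie: str):
    """Return the value if the MAC verifies under this secret, else None."""
    value, _, mac = cookie.rpartition(".")
    expected = hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None

class Worker:
    """One Gunicorn worker process, modelled as an object."""
    def __init__(self, secret: bytes, store: dict):
        self.secret = secret   # plays the role of app.secret_key
        self.users = store     # server-side session store

    def login(self, user_key: str, user: dict) -> str:
        self.users[user_key] = user
        return sign(self.secret, user_key)   # cookie sent to the browser

    def exists(self, cookie: str) -> bool:
        key = unsign(self.secret, cookie)
        return key is not None and self.users.get(key) is not None

def simulate(shared_secret: bool, shared_store: bool) -> list:
    """Log in on worker 0, then present the cookie to both workers."""
    fixed_secret = os.urandom(24)   # stands in for a key loaded from config
    database = {}                   # stands in for a shared database
    workers = [
        Worker(
            fixed_secret if shared_secret else os.urandom(24),
            database if shared_store else {},
        )
        for _ in range(2)
    ]
    cookie = workers[0].login("42", {"name": "alice"})  # constructed sample user
    return [w.exists(cookie) for w in workers]

if __name__ == "__main__":
    for secret in (False, True):
        for store in (False, True):
            print(f"shared_secret={secret} shared_store={store}:",
                  simulate(secret, store))
```

Only the run with both a shared secret and a shared store is accepted by every worker; fixing just one of the two still leaves the second worker rejecting the session.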