Flask-Login problems intermittently with ajax

Question

I'm using Ajax to login, using Flask-Login extension. Here's my server side code:

@app.route('/login', methods=["POST"])
def login():
    if current_user.is_authenticated:
        redirect_url = url_for('index')
        return jsonify(loggedIn=True, redirectUrl=redirect_url)

    username = request.form.get('username', '').strip()
    password = request.form.get('password', '').strip()
    user = User.query.filter_by(username=username).first()
    if user and util.encrypt_password(password, user.salt) == user.password:
        logged_in_user = CurrentUser(user)
        login_user(logged_in_user)
        redirect_url = url_for('index')
        return jsonify(loggedIn=True, redirectUrl=redirect_url)
    else:   
        return jsonify(loggedIn=False, error='Invalid Email/Password')

and my client side code:

(function(){
        $login_form = $('#login_form');

        //add validation to form
        if( $login_form.length ){

            $login_form.parsley()
            $login_form.submit(function(e) {
                var url = $(this).attr('action');
                var data = $(this).serialize();

                tryLogin(url, data);
                return false;
            }); 
        }

       function tryLogin(url, data){
        var $submitBtn = $('#login_form__submit');

        //notify user that we are working
        $submitBtn.addClass('btn--loading');

        $.ajax({
            type: 'POST',
            url: url,
            data: data,
            dataType: 'json',
            success: function (data) {
                if (data.loggedIn) {
                    mixpanel.track('login_success');
                    window.location.href = data.redirectUrl || '/';
                } 
             }
         });
      }
});

Not sure what's wrong, I have started seeing this problem lately, and it fails more than 50% of times. In case of failure, it'll just redirect to the new page but no session info exist. All the content is hosted on the same domain.

EDIT: More info: even when the login doesn't work intermittently, the backend does pass the login and frontend receives loggedIn=True and redirectUrl. Seems like issue is with session/cookie being received by the client but not sure why the intermittent issue.

Answer 1

By default, the URL router in Flask only response to GET method. Your are using POST method to make the request in AJAX.

Seems like your view function should handle both GET and POST (when this URL is accessed by a logged-in user, just redirect to index page?)

So you have to explicitly set the methods parameter to @app.route, change this line

@app.route('/login')

to:

@app.route('/login', methods=['GET', 'POST'])

and try again.

If not working, please comment and I'll keep updating.