Styjun

Would a completely good Muggle be able to use a wand?

is it ok to reduce charging current for li ion 18650 battery?

Easy to Read Palindrome Checker

Is French Guiana a (hard) EU border?

Why does standard notation not preserve intervals (visually)

Rotate a column

Won the lottery - how do I keep the money?

Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?

Why isn't acceleration always zero whenever velocity is zero, such as the moment a ball bounces off a wall?

No sign flipping while figuring out the emf of voltaic cell?

Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis

Why do remote US companies require working in the US?

Can a Bladesinger Wizard use Bladesong with a Hand Crossbow?

Domestic-to-international connection at Orlando (MCO)

A Man With a Stainless Steel Endoskeleton (like The Terminator) Fighting Cloaked Aliens Only He Can See

RigExpert AA-35 - Interpreting The Information

If Nick Fury and Coulson already knew about aliens (Kree and Skrull) why did they wait until Thor's appearance to start making weapons?

What is the value of α and β in a triangle?

Can we say or write : "No, it'sn't"?

Break Away Valves for Launch

Running a General Election and the European Elections together

Are police here, aren't itthey?

Why this way of making earth uninhabitable in Interstellar?

Why the difference in type-inference over the as-pattern in two similar function definitions?

Is it a security threat to use Flask sessions to authenticate users? [duplicate]

0

This question already has an answer here:

• 
  SESSION_COOKIE_SECURE does not encrypt session
  
  1 answer
  
  


• 
  How does Flask Sessions work?
  
  1 answer
  
  


• 
  Is it safe to store User ID within the Flask session?
  
  1 answer
  
  

I'm using Flask session to check whether a user has correctly entered a password. When a user enters a password right, I set session["authenticated"] = True. I have a login page that looks like the following:

@app.route('/', methods=["GET", "POST"])
def login():
 if request.method == 'POST':
 if request.form["password"] == "secret_password":
 session["authenticated"] = True
 session.permanent = True
 return redirect(url_for('dashboard'))
 else:
 return redirect(url_for('login'))

 elif request.method == 'GET':
 return render_template("login.html")

In the main page view, I check whether session["authenticated"] is True.

Is this a safe way to authenticate people? Is it possible for a malicious user to simply set their session cookie's "authenticated" field to True?

I understand that cookie's are cryptographically secure. But does this include my set up?

python security authentication flask

share|improve this question

edited Mar 21 at 17:56

echo

asked Mar 21 at 17:55

echoecho

1104

marked as duplicate by davidism flask
Users with the  flask badge can single-handedly close flask questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Mar 21 at 17:56

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.

add a comment | 

0

This question already has an answer here:

• 
  SESSION_COOKIE_SECURE does not encrypt session
  
  1 answer
  
  


• 
  How does Flask Sessions work?
  
  1 answer
  
  


• 
  Is it safe to store User ID within the Flask session?
  
  1 answer
  
  

I'm using Flask session to check whether a user has correctly entered a password. When a user enters a password right, I set session["authenticated"] = True. I have a login page that looks like the following:

@app.route('/', methods=["GET", "POST"])
def login():
 if request.method == 'POST':
 if request.form["password"] == "secret_password":
 session["authenticated"] = True
 session.permanent = True
 return redirect(url_for('dashboard'))
 else:
 return redirect(url_for('login'))

 elif request.method == 'GET':
 return render_template("login.html")

In the main page view, I check whether session["authenticated"] is True.

Is this a safe way to authenticate people? Is it possible for a malicious user to simply set their session cookie's "authenticated" field to True?

I understand that cookie's are cryptographically secure. But does this include my set up?

python security authentication flask

share|improve this question

edited Mar 21 at 17:56

echo

asked Mar 21 at 17:55

echoecho

1104

marked as duplicate by davidism flask
Users with the  flask badge can single-handedly close flask questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Mar 21 at 17:56

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.

add a comment | 

This question already has an answer here:

• 
  SESSION_COOKIE_SECURE does not encrypt session
  
  1 answer
  
  


• 
  How does Flask Sessions work?
  
  1 answer
  
  


• 
  Is it safe to store User ID within the Flask session?
  
  1 answer
  
  

I'm using Flask session to check whether a user has correctly entered a password. When a user enters a password right, I set session["authenticated"] = True. I have a login page that looks like the following:

@app.route('/', methods=["GET", "POST"])
def login():
 if request.method == 'POST':
 if request.form["password"] == "secret_password":
 session["authenticated"] = True
 session.permanent = True
 return redirect(url_for('dashboard'))
 else:
 return redirect(url_for('login'))

 elif request.method == 'GET':
 return render_template("login.html")

In the main page view, I check whether session["authenticated"] is True.

Is this a safe way to authenticate people? Is it possible for a malicious user to simply set their session cookie's "authenticated" field to True?

I understand that cookie's are cryptographically secure. But does this include my set up?

python security authentication flask

share|improve this question

edited Mar 21 at 17:56

echo

asked Mar 21 at 17:55

echoecho

1104

@app.route('/', methods=["GET", "POST"])
def login():
 if request.method == 'POST':
 if request.form["password"] == "secret_password":
 session["authenticated"] = True
 session.permanent = True
 return redirect(url_for('dashboard'))
 else:
 return redirect(url_for('login'))

 elif request.method == 'GET':
 return render_template("login.html")

share|improve this question

edited Mar 21 at 17:56

echo

asked Mar 21 at 17:55

echoecho

1104

share|improve this question

edited Mar 21 at 17:56

echo

asked Mar 21 at 17:55

echoecho

1104

asked Mar 21 at 17:55

echoecho

1104

asked Mar 21 at 17:55

echoecho

1104