The login process seems secure. But you didn't check for a potential existing user in the signup form, or an existing email address. Unless this is managed by the underlying User schema. And you should require a minimal password complexity.
How do you set up a Flask-Login?
Introduction
What is Flask-Login used for?
Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users' sessions over extended periods of time. It will: Store the active user's ID in the session, and let you log them in and out easily.
How do you create authentication in Python?
Password Authentication using Python
How do I add a Login to my Flask?
Add User Registration and Login to Your Flask App
How do I secure my Flask app?
By default, the Flask framework has no CSRF protection, but we can use the Flask-WTF extension to enable it. Below is an example of how CSRF protection can be enabled. This will enable CSRF protection globally in the app and we will be protected against CSRF.