Flask session id

The session object of the flask package is used to set and get session data. The session object works like a dictionary but it can also keep track modifications. When we use sessions the data is stored in the browser as a cookie . The cookie used to store session data is known session cookie.

In order to store data across multiple requests, Flask utilizes cryptographically-signed cookies (stored on the web browser) to store the data for a session . This cookie is sent with each request to the Flask app on the server-side where it’s decoded.

Unlike cookies, Session (session) data is stored on the server. The session is the interval at which the client logs on to the server and logs out the server . The data that is required to be saved in the session is stored in a temporary directory on the server.

Many times I hear people say that user sessions in Flask are encrypted, so it is safe to write private information in them. Sadly, this is a misconception that can have catastrophic consequences for your applications and, most importantly, for your users .