The browser will never send secure cookies with requests that are not encrypted . With Flask, you can control the secure flag on the session cookie with the SESSION_COOKIE_SECURE configuration setting. By default, it is set to False , which makes the session cookie available to both HTTP and HTTPS connections.
Read moreWhat is Flask-Login used for?
Flask-Login provides user session management for Flask . It handles the common tasks of logging in, logging out, and remembering your users’ sessions over extended periods of time. It will: Store the active user’s ID in the session, and let you log them in and out easily.
Read moreIs Flask-Login safe?
the login process seems secure . But you didn’t check the potential existing user in the signup form, or existing email address. Unless this is managed by the underlying User schema. And you should require a minimal password complexity.
Read moreHow do you set up a Flask-Login?
Introduction
Read more