Simple session-based authentication
In session-based authentication, when the user logs in for the first time, the user details are set in the session of the application's server side and stored in a cookie on the browser. After that, when the user opens the application, the details stored in the cookie are used to check against the session, and the user is automatically logged in if the session is alive.
Note
SECRET_KEY
should always be specified in your application's configuration; otherwise, the data stored in the cookie as well as the session on the server side will be in plain text, which is highly unsecure.
We will implement a simple mechanism to do this ourselves.
Tip
The implementation done in this recipe is only to explain how authentication basically works at a lower level. This approach should not be adopted in any production-level application.
Getting ready
We can start with a Flask app configuration as seen in Chapter 5, Webforms with WTForms. The application's configuration will...