Creating user sessions
Assigning an uncompromised value to Flask’s SECRET_KEY
built-in configuration variable pushes the Session
context into the platform. Here are the ways to generate the secret key:
- Apply the
uuid4()
method from theuuid
module. - Utilize any
openssl
utility. - Use the
token_urlsafe()
method from thesecrets
module. - Apply encryption tools such as AES, RSA, and SHA.
Our three applications include a separate Python script that runs the token_urlsafe()
method to generate a random key string with 16 random bytes for the SECRET_KEY
environment variable. The following snippet shows how our applications set the secret key with the app
instance:
(config_dev.toml) SECRET_KEY = "SpOn1ZyV4KE2FTlAUrWRZ_h7o5s" (main.py) app = Flask(__name__, template_folder='../app/pages', static_folder='../app/resources') app.config.from_file("config_dev.toml", toml.load)
Since our application loads the config_dev.toml...