I'm running a Flask application with Gunicorn as a web server. The whole project is deployed to Heroku.
Procfile
web: gunicorn app:app --log-file=-
Flask sessions are implemented server side, only a session id is stored in the flask.session
object.
Whenever I'm trying to do a login, I get logged in correctly at first, but then get redirected to the starting site (which should be the user site).
LoginController.py
def login(form) :
User.session.set(User.getByLogin(form))
if User.session.exists() :
return redirect(Urls.home)
return redirect(Urls.login)
The log shows that User.session.exists()
returns True
but in the next method (during the redirect)...
HomeController.py
def view() :
if User.session.exists() :
return CourseController.view()
return render_template("home.html")
...the same method returns False
.
User.session object
def exists(self) :
key = session.get("user_key")
user = self.users.get(key)
Log.debug("session::exists", user = user)
return user is not None
In all following requests the user is randomly logged in or not.
What can be the reason for this? I heard that a too large session
object can result in data loss, but I'm only storing integers in it.
Looks like there were two problems:
app.secret_key
shouldn't be set toos.urandom(24)
because every worker will have another secret keyStoring the sessions in a database instead a dictionary at runtime solves the problem.