Flask-session-mysql is a package that enhances the security and usability of Flask sessions by storing them in a MySQL database. This server-side storage ensures that no sensitive data is exposed, prioritizing security.
The functioning of this package is straightforward. When a session is generated or data is stored (in cookies), Flask typically stores this information in a base64-encoded format within the browser's session cookies. However, this approach can be both vulnerable and unsafe.
To enhance security, this package generates a unique 64-character UUID (Universally Unique Identifier) code. This ensures that the cookies used for sessions are both secure and resistant to vulnerabilities, significantly improving the overall security of your application and making your life easier.
Which if you decode
eyJoZWxsbyI6IndvcmxkIn0.ZQxasQ.KgRPUWvqZ57ccAWwd9qzOdAa9dg ---> {"hello":"world"}�C�@�=E{q�j@k` (Pretty unsafe)
As you see this is more secure and better for production development feel free to report any issues or suggestions!
pip install flask-session-mysqlor with git
git clone https://github.com/Fabioblyk/flask-session-mysql
python setup.py installHow to use it?
from flask import Flask, session
from flask_session_mysql import MysqlSession
app = Flask(__name__)
app.secret_key = 'some_pretty_cool_secret_key_here'
app.config['MYSQL_SESSION_HOST'] = 'localhost'
app.config['MYSQL_SESSION_USERNAME'] = 'root'
app.config['MYSQL_SESSION_PASSWORD'] = ''
app.config['MYSQL_SESSION_DATABASE'] = 'test'
MysqlSession(app)
@app.route('/example')
def example():
session['hello'] = 'world'
return "Hello World"
app.run(port=5555)NOTE: Make sure you config the mysql data before binding it or it won't work First configuration then binding!