-1

https://repl.it/@rafrafraf/project-server
https://repl.it/@rafrafraf/Project

I'm basically confused about how to log in a user to my website and know if he is still logged in on page switch while having access to his data from the server.

The two links above are to my code for the server and website. I already have the HTML for the login and registration complete. I also receive the auth from the server; however, I'm not sure what to do after that.

1
  • 1
    Please visit help center, take tour to see what and How to Ask. Do some research, search for related topics on SO; if you get stuck, post a minimal reproducible example of your attempt, noting input and expected output HERE and not on external links that can disappear
    – mplungjan
    Commented Mar 23, 2020 at 10:22

1 Answer

1

You'd use sessions or JWT - a session is a server side storage of data associated with a secret key that the user has (usually stored as a cookie or in local storage), while a JWT (JSON Web Token) contains signed (by you) data that identifies the user. You decode the content and validate that the signature is correct, then trust the data given.

In Flask you can quickly implement the first option by using Flask-Session, a library for handling sessions transparently for you inside a Flask application.

from flask import Flask, session
# The flask.ext.* import namespace was removed in Flask 1.0; import the package directly
from flask_session import Session

app = Flask(__name__)
# Check Configuration section for more details
SESSION_TYPE = 'redis'
app.config.from_object(__name__)
Session(app)

@app.route('/set/')
def set():
    session['key'] = 'value'
    return 'ok'

@app.route('/get/')
def get():
    return session.get('key', 'not set')

You'd associate a value identifying the user to the session when logging the user in, then read that value back in the views that require a user to be logged in. You can further move this into authentication and authorization (i.e. which users have access to which resource), but that goes outside of the scope of an answer here.

Flask-Session supports multiple backends for session data:

null: NullSessionInterface (default)
redis: RedisSessionInterface
memcached: MemcachedSessionInterface
filesystem: FileSystemSessionInterface
mongodb: MongoDBSessionInterface
sqlalchemy: SqlAlchemySessionInterface

Pick one that suits your existing software stack.
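Added example, not part of the original answer: the login flow described above (store a user identifier in the session at login, read it back in views that require login), written against Flask's built-in signed-cookie `session` so it runs without a Redis backend. The `session` object is used the same way once Flask-Session is configured. The `USERS` store, the route names and the `login_required` helper are hypothetical.

```python
import secrets
from functools import wraps

from flask import Flask, jsonify, request, session
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
app.config.update(
    SECRET_KEY=secrets.token_hex(32),  # assumption: a real deployment loads a fixed secret
    SESSION_COOKIE_HTTPONLY=True,      # cookie is not readable from page JavaScript
    SESSION_COOKIE_SAMESITE="Lax",     # cookie is not sent on cross-site POSTs
    # SESSION_COOKIE_SECURE=True,      # enable when the site is served over HTTPS
)

# Constructed sample user store; a real app would query its database.
USERS = {"alice": {"id": 1, "pw_hash": generate_password_hash("correct horse")}}

def login_required(view):
    """Reject the request unless the session carries a user id."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        if "user_id" not in session:
            return jsonify(error="login required"), 401
        return view(*args, **kwargs)
    return wrapper

@app.route("/login", methods=["POST"])
def login():
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    user = USERS.get(str(data.get("username", "")))
    # Same response for an unknown user and for a wrong password.
    if user is None or not check_password_hash(user["pw_hash"], str(data.get("password", ""))):
        return jsonify(error="invalid credentials"), 401
    session.clear()                  # drop any pre-login session state
    session["user_id"] = user["id"]  # later requests are identified by this value
    return jsonify(ok=True)

@app.route("/me")
@login_required
def me():
    return jsonify(user_id=session["user_id"])

@app.route("/logout", methods=["POST"])
def logout():
    session.clear()
    return jsonify(ok=True)
```

The browser sends the session cookie back on every page load, so `/me` (or any view wrapped in `login_required`) answers the "is the user still logged in" question without the client storing anything itself.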
