You'd use sessions or JWT - a session is a server side storage of data associated with a secret key that the user has (usually stored as a cookie or in local storage), while a JWT (JSON Web Token) contains signed (by you) data that identifies the user. You decode the content and validate that the signature is correct, then trust the data given.
In Flask you can quickly implement the first option by using Flask-Session, a library for handling sessions transparently for you inside a Flask application.
from flask import Flask, session
from flask.ext.session import Session
app = Flask(__name__)
# Check Configuration section for more details
SESSION_TYPE = 'redis'
app.config.from_object(__name__)
Session(app)
@app.route('/set/')
def set():
session['key'] = 'value'
return 'ok'
@app.route('/get/')
def get():
return session.get('key', 'not set')
You'd associate a value identifying the user to the session when logging the user in, then read that value back in the views that require a user to be logged in. You can further move this into authentication and authorization (i.e. which user have access to which resource), but that goes outside of the scope of an answer here.
Flask-Session supports multiple backends for session data:
null: NullSessionInterface (default)
redis: RedisSessionInterface
memcached: MemcachedSessionInterface
filesystem: FileSystemSessionInterface
mongodb: MongoDBSessionInterface
sqlalchemy: SqlAlchemySessionInterface
Pick one that suits your existing software stack.