Flask-Login - How to get Session ID

Question

Am doing a project with Flask, Gevent and web socket using flask development server environment. I used flask_login. Here

how can get i get the Unique Session ID for each connection?
I want to store the SessionID in the Database and delete it once client disconnects.

How to get total active connections

from flask_login import * 
login_manager = LoginManager()
login_manager.setup_app(app)

@app.route("/", methods=["GET", "POST"]) 
def login():
    login_user([username], remember):    

@app.route("/logout") 
@login_required 
def logout(): 
    logout_user()

You want a session id for each _connection_ or each _logged in user_? — Burhan Khalid, Mar 01 '13 at 11:04
hi Burhan, I need for each logged In User. Thanks in advance brother. — user2104391, Mar 01 '13 at 11:26

score 29 · Answer 1 · answered Mar 03 '13 at 15:51

There is no session id.

Sessions in Flask are simply wrappers over cookies. What you save on it it's digitally signed and sent as a cookie to the client. When you make a request, that cookie is sent to your server and then verified and transformed in a Python object.

AFAIK, Flask-Login saves on the session the user ID.

To get total active connections, you can:

At login, generate an unique id and save it on the session (flask.session['uid'] = uuid.uuid4(), for example), then save it on your database.
At logout, delete that unique id from the session (del flask.session['uid']) and also from your database.
Retrieve the count of active sessions using your favourite method (ORM/Raw SQL)

Session id is the content of the cookie and you can get it from session.sid — Chris Koston, Jul 06 '17 at 20:57

score 0 · Answer 2 · answered Apr 19 '17 at 20:41

0

The session id is in: flask.session['_id']

answered Apr 19 '17 at 20:41

Matt

3,682
1
21
27

2

`flask.session['_id']` is used by Flask-Login to implement [Session Protection](https://flask-login.readthedocs.io/en/latest/#session-protection). "Standard" Flask sessions do not have an SID. – turdus-merula Aug 27 '17 at 21:10

score 0 · Answer 3 · answered Jul 05 '23 at 08:31

As gioi explained, the session id is only the user id inside a signed cookie. This makes it really tricky to perform what your second question says (invalidating a session)

As an alternative to gioi's answer (but pretty similar), you can also replace Flask's Session implementation with one of your own, as explained in Flask docs.

This way, you could make a server-side implementation of Flask's Session and directly save the session id in the database.

Your implementation could generate a random session id cookie for each user which is associated with a user in your database (the database stores the session data, therefore it is a server-side implementation), and, through an ORM approach, Flask-Login would get the user id from there. There's also a config file which allows you to change from which attribute to get the user id, in case your column doesn't have the same name.

As an easier approach, you can also have a look at Flask-Session which already implements some of this server-side sessions.

Another option (but a bit hacky to my way of thinking) would be using Flask's request_loader callback instead of the traditional user_loader callback to load the Session ID. You could then create your own cookie to store the session ID and Flask-Login would retrieve it from there with the request_loader callback.

Flask-Login - How to get Session ID

3 Answers3

Linked

Related