I have a Flask web application that is currently deployed on AWS Elastic Beanstalk with a configured Classic Load Balancer.

My issue is that my sessions do not seem to be persistent. I had originally implemented session-based auth, but when the frontend was deployed and hitting my API, sessions would not persist and users could never stay logged in.

I had intended to switch to token-based auth, so that is what I did, and I avoided the session issue.

Fast forward, and I have now implemented OAuth1 using Flask-OAuthlib, but unfortunately this lib uses sessions to maintain the OAuth1 provider token secret.

I attempted to enable Duration-Based Session Stickiness via the AWS console for my Classic Load Balancer, but that seemingly did not resolve the issue.

The specific line of code that is causing me trouble is here.

Might there be a way to make this OAuth1 code stateless and not require the session?

Might I be configuring something wrong for my sessions, or missing a simple fix?

Any help would be very much appreciated.

Alpenglow
  • I assume you are using a load balanced environment with multiple servers? Have you tried enabling "sticky sessions" on the load balancer? – Mark B Aug 25 '16 at 15:37
  • @MarkB yes, I enabled duration-based sticky sessions for the load balancer via the AWS console – Alpenglow Aug 25 '16 at 15:45
  • Can you explain more what you mean by persistent sessions then? You want the user sessions to survive a server restart? – Mark B Aug 25 '16 at 16:18
  • @MarkB Perhaps I'm using wrong terminology. Sessions don't appear to be lasting at all. The Flask-OAuthlib is storing the OAuth token secret in the session, and when it goes to pop the OAuth token secret back out of the session, for use when we get the OAuth token response, it doesn't exist in the session. – Alpenglow Aug 25 '16 at 16:26
  • Either you don't have sticky sessions configured properly, and the user's requests are going to different servers, or you have something wrong with your web server configuration that is preventing it from storing session data. – Mark B Aug 25 '16 at 16:31

0 Answers