Also: What would happen if the actual session data is kept in server side sessions using https://pythonhosted.org/Flask-Session/, e.g. on Redis? (Only a session ID is in the cookie)
The cookie would be of course invalid, from Flasks perspective. Does it delete the cookie automatically? Does Flask Session also delete the corresponding Redis entry?
---- EDIT: (upon marked as duplicated):-----
I'm sorry but i assume that this is not exactly duplicate. I knew the referenced question before. Unfortunately it does not answer how the internal sessions are invalidated and whether server side sessions are invalidated accordingly by the referenced Flask Session library. The other question does not consider any behaviour for server side session invalidation.
Also, the other questions seems to propose changing the key, which i do not. Although the necessity might ensue in case of a key leak. In that case it might be interesting what in detail happens to client side cookies + server side sessions.
