TL;DR: Two Flask apps, Authenticator and Main, are on separate containers but have the same origin thanks to a reverse proxy (Traefik). Authenticator successfully gets the authentication token and saves it to the `session` dictionary in Authenticator. The same-origin policy tells me that the browser would send the `session` dictionary as a cookie upon redirect to Main, but the `session` dictionary in Main remains empty afterwards. The `session` dictionary in Main doesn't update although the `session` (hash?) value in the Main cookie is identical to that of Authenticator, i.e., cookies are sent to both. (I tried with dummy cookies and they got sent). How do I force `session` in Main to update?
Fuller Explanation
I have two Flask applications (authenticator and main) each running in a Docker container. The two containers live behind a reverse proxy (Traefik) so that `localhost` routes to main, `localhost/authenticate || localhost/getAToken` to authenticator. The authenticator successfully communicates with MSAL to obtain the authentication token, which I save in the `session` dict, i.e., the following (AAD redirect_uri points to here, in authenticator) works:
```python
# authenticator app
from flask import make_response, redirect, request, session

cache = _load_cache()
result = _build_msal_app(cache=cache).acquire_token_by_auth_code_flow(
    session.get("flow", {}), request.args)
session["user"] = result.get("id_token_claims")  # claims stored in the session
_save_cache(cache)
...
resp = make_response(redirect("http://localhost"))  # goes to main
```
However, on main's side of things, the `session` dictionary is empty, although it seems that the cookies are behaving properly wrt the same origin policy: `request.cookies['session']` in main and authenticator are identical and setting a non-Session cookie is accessible to both web apps.
```python
# main app (index)
...
if not session.get("user"):
    return redirect("http://localhost/authenticate")  # goto authenticator
...
```
How do I force the Sessions dict in the main app to update its values? Or, would it make more sense to use a Redis store, e.g., to handle Session information?
Related Questions
- https://stackoverflow.com/a/42888376 I'm basically implementing the first mechanism proposed in this soln.
- Share session data between Flask apps in separate Docker containers that are served using a reverse proxy (has no soln)
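
Added example (not part of the question and not the asker's code): assuming both apps use Flask's default client-side session, whose cookie is signed with the app's `SECRET_KEY`, this shows that a second app reads the first app's `session` cookie only when both are configured with the same key, and otherwise gets an empty session from an identical cookie. The `/login` route, the keys and the user claim are constructed for the demo; a server-side session store such as Flask-Session keeps only an ID in the cookie and is not covered here.

```python
# Added example: two Flask apps exchanging the default signed session cookie.
from flask import Flask, session

# Constructed keys for the demo; real keys come from a secret store.
SHARED_KEY = "constructed-shared-key"
OTHER_KEY = "constructed-different-key"


def make_app(secret_key):
    """Build a minimal app that uses Flask's default cookie session."""
    app = Flask(__name__)
    app.secret_key = secret_key

    @app.route("/login")  # hypothetical route standing in for /getAToken
    def login():
        session["user"] = {"name": "constructed-user"}
        return "ok"

    return app


def issue_cookie(authenticator):
    """Return the 'session=<value>' pair that the authenticator app sets."""
    with authenticator.test_client() as client:
        resp = client.get("/login")
        return resp.headers["Set-Cookie"].split(";", 1)[0]


def read_user(app, cookie):
    """Open the session as `app` would for a request carrying `cookie`."""
    with app.test_request_context("/", headers={"Cookie": cookie}):
        # A cookie whose signature does not verify yields an empty session.
        return session.get("user")


def compare():
    """Read one authenticator cookie from a main app with each key."""
    cookie = issue_cookie(make_app(SHARED_KEY))
    same_key = read_user(make_app(SHARED_KEY), cookie)
    other_key = read_user(make_app(OTHER_KEY), cookie)
    return same_key, other_key


if __name__ == "__main__":
    print(compare())
```

In both cases `request.cookies['session']` is byte-for-byte the same in the two apps; only signature verification against each app's own key decides whether `session` is populated.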