Session workaround in case cookie is disabled #586

adsahay opened this Issue · 4 comments

2 participants


I'm trying to make an HTML5 app which is intended to work everywhere(!!). In iOS when a web app is added to the home screen, the resulting standalone app doesn't allow cookies, nor is there an option for the user to enable them.

I'm using server-side sessions (on Redis), and in this scenario I'm contemplating appending some sort of auth token to every URL request (maybe as a header, say, X-MYTOKEN), which will be stored on the client using localStorage after it is generated after a successful login. Later on a logout or a timeout would invalidate this token on the server side, and the localStorage value would get rewritten on the subsequent login.

Can you weigh in on this approach, or suggest something better?
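The server side of the header-token scheme described in the post above, as an added example that is not part of the original thread or of Flask: a token is issued at login, looked up on each request, and invalidated on logout, timeout, or the next login. The class name, the 30-minute idle timeout, and the in-memory dict standing in for Redis are assumptions; only the `X-MYTOKEN` header name comes from the post.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 1800   # seconds; assumed value, the post gives none
HEADER = "X-MYTOKEN"  # header name from the post


class TokenSessions:
    """Server-side table keyed by SHA-256(token); a dict stands in for Redis."""

    def __init__(self, clock=time.time):
        self._store = {}    # token digest -> (user_id, expires_at)
        self._by_user = {}  # user_id -> token digest
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a dump of the table yields no usable token.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id):
        """Issue a fresh token; the user's previous token stops working."""
        self._store.pop(self._by_user.pop(user_id, None), None)
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = self._digest(token)
        self._store[digest] = (user_id, self._clock() + IDLE_TIMEOUT)
        self._by_user[user_id] = digest
        return token  # the client keeps this in localStorage

    def authenticate(self, headers):
        """Return the user id for the request headers, or None."""
        token = headers.get(HEADER) or ""
        digest = self._digest(token)
        entry = self._store.get(digest)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:  # timed out: drop it server-side
            self.logout(token)
            return None
        self._store[digest] = (user_id, self._clock() + IDLE_TIMEOUT)  # sliding
        return user_id

    def logout(self, token):
        digest = self._digest(token)
        entry = self._store.pop(digest, None)
        if entry and self._by_user.get(entry[0]) == digest:
            del self._by_user[entry[0]]
```

With Redis, the stored expiry would become a key TTL refreshed on each authenticated request.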


(Based on IRC chat, I'm going ahead with a random-token-per-user-in-url approach)


What about subclassing flask.sessions.SessionInterface?
Find out more at:
You could have a function, registered with teardown_request or similar signals, that accesses your custom SessionInterface and writes some JavaScript bits at the start of the HTML document, to write session data in LocalStorage.
This is how I would do it, but I'm pretty new at these things... You can do it better (A custom Jinja tag?).


Never going to happen just because of the security problems with it.

@mitsuhiko mitsuhiko closed this

There is btw an implementation for that on GitHub:
