Efficient session variable server-side caching with Python+Flask
Asked Answered
I

2

9

Scenario:

  • Major web app w. Python+Flask
  • Flask login and Flask.session for basic session variables (user-id and session-id)

Flask.session and limitations? (Cookies)

  • Cookie based and basically persist only at the client side.

  • For some session variables that will be regularly read (ie, user permissions, custom application config) it feels awkward to carry all that info around in a cookie, at every single page request and response.

Database is too much?

  • Since the session can be identified at the server side by introducing unique session id at login, some server-side session variable management can be used. Reading this data at the server side from a database also feels like unnecessary overhead.

Question

  • What is the most efficient way to handle the session variables at the server side?

Perhaps that could be a memory-based solution, but I am worried that different Flask app requests could be executed at different threads that would not share the memory-stored session data, or cause conflicts in case of simultaneous reading-writing.

  • I am looking for advice and best practice for planning the basic level architecture.
Incendiarism answered 1/9, 2013 at 19:18 Comment(2)
not sure about your precise situation but there's a plugin called Flask-KVSession which is a drop-in server-side replacement for flask's built-in cookie-based sessions and sounds like it may be amenable to your needs.Lancet
Flask-Caching is what you need, look bellowHelical
H
3

Flask-Caching

What you need is a server-side caching package that's Flask-Caching.

A simple setup:

from flask import Flask
from flask_caching import Cache

app = Flask(__name__)
app.config['CACHE_TYPE'] = 'SimpleCache' 
cache = Cache(app)

Then a explicitly use of a cached variable:

@app.route('/')
def load():
    cache.set("foo", foo)
    bar = cache.get("foo")

There is much more in Flask-Caching and that's the recommended approach by Flask. In case of a multithread server with gunicorn from here you better use ['CACHE_TYPE'] = 'FileSystemCache'

Helical answered 9/11, 2021 at 18:39 Comment(0)
O
2

Your instinct is correct, it's probably not the way to do it.

Session data should only be ephemeral information that is not too troublesome to lose and recreate. For example, the user will just have to login again to restore it.

Configuration data or anything else that's necessary on the server and that must survive a logout is not part of the session and should be stored in a DB.

Now, if you really need to easily keep this information client-side and it's not too much of a problem if it's lost, then use a session cookie for logged in/out state and a permanent cookie with a long lifespan for the rest of the configuration information.

If the information is too much size-wise, then the only option I can think of is to store the data, other than the logged in/out state, in a DB.

Ordovician answered 22/2, 2014 at 4:29 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.