flask-encrypted-cookies-session

Description

A cookie based session for flask relying on Fernet encrypted cookies.

Motivation

flask default session rely on signed cookies. This sometimes is not enough, and encrypted data should be used.

Example : Use cookies to store OAuth2 access tokens without the burden of server side storage.

Usage

Installation

pip install flask-encrypted-cookies-session

Flask application configuration

Private key used to encrypt cookies can be generated with python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key())"

# -*- coding: utf-8 -*-
from flask import Flask, session

from flask_encrypted_cookies_session import EncryptedCookieSession

DEBUG = "True"
ENCRYPTED_COOKIES_SECRET_KEY = (
    "JNJQuYdaUGr8XBSoZNYF9FC-A7RZ7iFqV_KqrCwYr0s="  # Fernet.generate_key()
)
# To rotate your keys:
# ENCRYPTED_COOKIES_SECRET_KEY = "JNJQuYdaUGr8XBSoZNYF9FC-A7RZ7iFqV_KqrCwYr0s=,Dfo2hCeG-S6CeY-_tgJ33gip9rxC2t8qNK0CM0gZlRk="  # [Fernet.generate_key(), Fernet.generate_key()]

app = Flask(__name__)
app.config.from_object(__name__)

# This will replace the default Flask application session interface with the encrypted
# cookie based session
EncryptedCookieSession(app)


@app.route("/set/")
def session_set():
    session["key"] = "value"
    return "ok"


@app.route("/get/")
def session_get():
    return session.get("key", "not set")

Development

poetry is used to manage this project.

poe the poet is used as the task runner of this project. If you don't know what a task runner is, think about an alternative version of a Makefile.

Install project dependencies

$ poetry install

Unit testing

Test with all python versions

$ poe test

Test with a specific python version

$ poe test-py39

F.A.Q

Where can I open an Issue or a Pull Request to contribute ?

The github repository should be used for Issues or contributions.