[Flask] transfer login status to another flask application
Patrick Rieser
patrick.rieser at outlook.com
Sat Nov 5 18:23:27 EDT 2016
Hey everybody,
I wonder if there is a way to transfer the login status of a user to another flask application. Consider the a typical login process:
a) User visits login.domain and puts in his credentials
b) flask application at login.domain takes this credentials and sends the user and password to the internal api with the user and password
c) The api hashes the password and compares it to the database and if valid an api token that simply consists of the username is generated and sent as a response (to increase the security of the internal api)
d) login application verifies the login and a login cookie is generated (all with running flask-login) and then stores the token in the flask session to easily access the api
e) login application redicets to another flask application (e.g. project_0) and tells this application that the user is already logged in and passes the api token (and the login status)
So a) through d) are perfectly fine, but I don't really have any clue how to accomplish e), especially how the other application (project_0) can be made aware in a secure way that the user is already logged in, i.e. somehow copy the login cookie or generate a new one. Any help, clues or pointers are greatly appreciated!
With kind regards,
Patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20161105/e46b5645/attachment.html>
More information about the Flask
mailing list