The SECRET_KEY and Signed Cookies
How Flask signs session data securely.
Where Sessions Live
By default Flask stores the whole session inside a cookie in the user's browser, not on your server. That has big implications.
The Tampering Problem
If data lives in the browser, a user could edit it. Flask guards against that by signing the cookie with the SECRET_KEY, so any change is detectable.
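The sign-then-verify idea described above, as an added example that is not code from this course or from Flask: it uses only the standard library and a simplified `<payload>.<tag>` format, whereas Flask's real session cookie is produced by its own serializer in a different format. The function names and the key value are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # constructed sample value, not a real key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def sign_session(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize the session and append an HMAC tag: '<payload>.<tag>'."""
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    return f"{payload}.{_tag(payload, key)}"


def load_session(cookie: str, key: bytes = SECRET_KEY):
    """Verify the tag in constant time, before parsing; None if it fails."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
        return None
    return json.loads(_unb64(payload))


def peek_without_key(cookie: str) -> dict:
    """Signed is not encrypted: the payload decodes with no key at all."""
    return json.loads(_unb64(cookie.rpartition(".")[0]))


def edit_payload(cookie: str, **changes) -> str:
    """Simulate a user editing the cookie: new payload, old tag kept."""
    payload, _, tag = cookie.rpartition(".")
    data = {**json.loads(_unb64(payload)), **changes}
    return f"{_b64(json.dumps(data, sort_keys=True).encode())}.{tag}"


if __name__ == "__main__":
    cookie = sign_session({"user_id": 42, "is_admin": False})
    print(load_session(cookie), load_session(edit_payload(cookie, is_admin=True)))
```

The edited cookie still decodes with `peek_without_key`, but `load_session` rejects it because the tag no longer matches the payload; the same holds for a cookie checked against a different key.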