kalombo

Reputation: 869

How can a session cookie from Flask-0.10 be deserialized manually?

I have the raw value of a session cookie from a Flask-0.10 application. I need to read the session in another application that is not using Flask, so I don't have access to the session proxy.

In Flask-0.9 I could do the following:

session = SecureCookieSession.unserialize(cookie, app.secret_key)

However, this method no longer exists in Flask-0.10. How can I read the cookie data now?

Upvotes: 2

Views: 2315

Answers (1)

davidism

Reputation: 127190

Flask-0.10 switched to itsdangerous for serializing the session. See the relevant source code for how the session is read in Flask.

If you have a session serialized by Flask's default session interface, you can read it manually as follows.

Assuming your secret key is 'dev', the session data {'hello': 'world'} is serialized to 'eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY'.

from hashlib import sha1
from flask.sessions import session_json_serializer
from itsdangerous import URLSafeTimedSerializer

s = URLSafeTimedSerializer(
    'dev', salt='cookie-session',
    serializer=session_json_serializer,
    signer_kwargs={'key_derivation': 'hmac', 'digest_method': sha1}
)
session_data = s.loads('eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY')
assert session_data['hello'] == 'world'  # True

Upvotes: 7
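The cookie layout the answer relies on (`payload.timestamp.signature`), shown as an added example that is not part of the original answer or of Flask/itsdangerous: a reader that uses only the standard library, for an application that cannot import Flask. The names `b64d`, `session_signature` and `read_flask_session` are hypothetical. It assumes the default settings from the answer (salt `cookie-session`, HMAC key derivation, SHA-1).

```python
import base64
import hashlib
import hmac
import json
import zlib

SALT = b"cookie-session"  # salt from the answer above (Flask's default session interface)

def b64d(s: bytes) -> bytes:
    # The cookie uses URL-safe base64 with the '=' padding stripped; restore it.
    return base64.urlsafe_b64decode(s + b"=" * (-len(s) % 4))

def session_signature(secret: bytes, signed: bytes) -> bytes:
    # 'hmac' key derivation: the signing key is HMAC-SHA1(secret, salt).
    derived = hmac.new(secret, SALT, hashlib.sha1).digest()
    mac = hmac.new(derived, signed, hashlib.sha1).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")

def read_flask_session(cookie: str, secret: str):
    """Return (data, raw_timestamp); raise ValueError on a malformed or unsigned cookie."""
    raw = cookie.encode()
    try:
        signed, sig = raw.rsplit(b".", 1)     # signature covers "payload.timestamp"
        payload, ts = signed.rsplit(b".", 1)  # a leading '.' stays on the payload
    except ValueError:
        raise ValueError("malformed cookie") from None
    # Constant-time comparison; nothing is decoded until the signature checks out.
    if not hmac.compare_digest(sig, session_signature(secret.encode(), signed)):
        raise ValueError("bad signature")
    # A payload starting with '.' was zlib-compressed before base64 encoding.
    compressed = payload.startswith(b".")
    body = b64d(payload[1:] if compressed else payload)
    if compressed:
        body = zlib.decompress(body)
    # The timestamp is returned raw; expiry (max_age) is not enforced here.
    return json.loads(body), int.from_bytes(b64d(ts), "big")

if __name__ == "__main__":
    # Cookie and secret key 'dev' are the ones quoted in the answer above.
    cookie = "eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY"
    print(read_flask_session(cookie, "dev"))
```

The payload is only signed, not encrypted, so anyone holding the cookie can read it. Values Flask stores in its tagged JSON form (for example tuples or datetimes) come back from this reader as plain tagged dicts.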
