shailysangwan

Reputation: 118

Set a Cookie in flask Redirect to external URL

I want to redirect a user from my flask application to the client application with a header (encoded session object) that the browser can store as a cookie for further requests.

I'm authenticating a user using a different server and on a successful sign-in, he is redirected to my flask application where I set the user in the database and the session object. And, right after this is done, I need the request to be redirected to my client application. So, I use flask.redirect to redirect the user to my client application. Now, for the browser to store the user information, I want to send the session object to the browser as a cookie.

TLDR; This is what I'm trying to do:

  1. Client reaches content server.
  2. Client does not have an active session, is redirected to authentication server with a callback to content server.
  3. Content server creates session and redirects back to Client with session cookie.
  4. Client reaches Content server.
  5. Content server verifies session cookie and allows access to client.

Authentication is on a separate server, but the content server and client both need to keep track of the session via a cookie. The part I'm unable to do is make the Client (localhost:3000) keep track of the session.

The following is what I tried:

    resp = flask.make_response()
    resp.set_cookie('Set-Cookie', 'this is the session cookie I want the browser to set for further requests')
    return flask.redirect('http://localhost:3000/', Response=resp)

This gives me the error:

    File "/home/shaily/.virtualenvs/venv/lib/python3.6/site-packages/werkzeug/utils.py", line 507, in redirect
      mimetype="text/html",
    TypeError: __call__() got an unexpected keyword argument 'mimetype'

Is there an alternative or a way I can fix this?

Upvotes: 4

Views: 4899

Answers (2)

shailysangwan

Reputation: 118

According to how sessions are implemented in flask, on making any changes to the session object during the lifecycle of an http request, the encoded session object is sent as a cookie in the http response to this request. So, I no longer need to explicitly send it.

I was unable to read the cookie in my client application using document.cookie since, by default, session cookies are httpOnly, i.e., they cannot be accessed via JavaScript applications, for security reasons. What httpOnly does let you do is let your browser store the cookie for further HTTP requests to the server. If, for some reason, you still want to read the session cookie in JavaScript, you can set SESSION_COOKIE_HTTPONLY to False in your server config.

To send a cookie with an http response, this solution worked well for me: In Flask, set a cookie and then re-direct user

Upvotes: 1

Shivashis Padhi

Reputation: 41

"redirect functionality" can be refactored in the following way.

    resp = redirect("http://localhost:5001")
    resp.set_cookie('a', 'x')
    return resp

Referring to a comment on this question, we can't pass 'Response' objects to redirect. Response has to be another class (useful when using a wrapper class of werkzeug.Response), as written here.

Upvotes: 4
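An added example, not code from either answer or from Flask itself, combining both points above: a redirect response carries the HttpOnly session cookie automatically once the session is modified, and an explicit cookie can be set on the same response. The routes `/callback` and `/content`, the `ui_hint` cookie, the secret key and the `demo()` helper are constructed for illustration.

```python
from flask import Flask, redirect, session

app = Flask(__name__)
app.config.update(
    SECRET_KEY="constructed-demo-key",  # constructed; load a real secret from config
    SESSION_COOKIE_HTTPONLY=True,       # Flask default: hidden from document.cookie
    SESSION_COOKIE_SAMESITE="Lax",
    # Also set SESSION_COOKIE_SECURE=True once the site is served over HTTPS.
)
CLIENT_URL = "http://localhost:3000/"   # client application from the question


@app.route("/callback")                 # hypothetical route hit after sign-in
def callback():
    # Modifying the session makes Flask attach the signed session cookie
    # to whatever response this view returns, including a redirect.
    session["user_id"] = "demo-user"
    resp = redirect(CLIENT_URL)
    # Extra cookie the client script may read; keep it non-sensitive.
    resp.set_cookie("ui_hint", "signed-in", httponly=False, samesite="Lax")
    return resp


@app.route("/content")                  # hypothetical protected route
def content():
    if "user_id" not in session:
        return "no session", 401
    return "hello " + session["user_id"]


def set_cookie_headers(response):
    """Map cookie name -> full Set-Cookie header line of a response."""
    headers = response.headers.getlist("Set-Cookie")
    return {h.split("=", 1)[0]: h for h in headers}


def demo():
    client = app.test_client()          # keeps cookies like a browser would
    before = client.get("/content").status_code
    resp = client.get("/callback")
    after = client.get("/content")
    return (before, resp.status_code, resp.headers["Location"],
            set_cookie_headers(resp), after.get_data(as_text=True))


if __name__ == "__main__":
    print(demo())
```

Keeping the session cookie HttpOnly and putting only non-sensitive state in a script-readable cookie lets the client show signed-in UI without exposing the session to JavaScript.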
