Doubts regarding Server side session using caching or cookie based sessions

Question

I am pretty new to web development. I am working with Flask, Sqlalchemy and Postgresql.

As far as I have understood, every new request is like a new thread of the program. New sqlalchemy session is created using which we manage our db operations and return a response. After that new thread is also closed and connections returned to the pool.

I login a user and get all user data in an user orm object. I stored it in flask session variable which uses cookie. Now I also want to save some other user related data for the span of whole user session not a request. I have doubts storing all that data in a cookie for 2 reasons:

1. Unnecessary data travel back and forth.
2. data can be read easily.

Are my doubts valid?

So my other questions are :

1. Am I right on some level to avoid getting some session wide data in each request without getting into the trap of premature optimization? or Should I worry about this later when need arises and right now concentrate only on creating a working app?

2. Alternative to cookie based session is server side session which can be done by using redis or memcache. Where does Beaker library comes into this? Is it a standalone thing or to be used in conjunction with redis or memcache?

Answer 1

Most browsers support cookies of up to 4096 bytes. (Source)

If you want to save more than this than you should use a server-side session backend like Redis or Memcache. It's very easy to replace the default cookie session interface of Flask with a Redis or Memcache interface. There is a great snippet for redis by Armin. If you prefere memcache than you can replace the redis stuff of the snippet with the same memcache methods. ;)