2

I am a web-dev noob but I'll try my best to be clear about the problem, explain my approach, and what I've tried. I also include imports in-case those are causing the problem but I'm pretty sure I've isolated it to what I describe.

I am trying to use Flask-session to keep information private but some values are "lost". This code is trimmed down significantly for simplicity. The user lands on /send and we render the loading template. loading.js does fetch() on /deploy while it runs an animation, then() we go to /results when the deploy function is done.

loading.js

function navigate() {
    window.location.href = 'results';  // redirect to results page when done!
}


 // deploy the contract while the loading screen goes then navigate to results page
const data = fetch('deploy').then(navigate);
  
loopThroughMessages(messages);

main.py

from flask_session import Session

app = Flask(__name__, 
static_folder='static',
template_folder='templates')

# for the session, i.e passing values 
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
app.config.from_object(__name__)
Session(app)


@app.route('/send')
def main():
    # take url parameters and do stuff with them
    return render_template('loading.html')


@app.route("/deploy")
def deploy_contract():
    session['contract_address'] = some_fnc()

    # fetch() requires that this function return a json
    return {} 


@app.route("/results")
def serve_results_page():
    # pull saved values from the session
    data = {'contract_key' : session['contract_address']
    } # calling session here causes the error, the contract_address key doesn't exist

    return render_template('results.html', data=data)

So contract_address is saved to the session but when we get to /results, the server has no way to associate that session with the client.

We want to keep our contract_address private so sending it to loading.js is not an option. I'm guessing that since http is stateless, I need to pass a cookie to and from my js and python files but I'm a bit lost on how to implement it. Are cookies unnecessary (because the server doesn't actually need to receive any data from my js files)? Should I be using redirects or something besides fetch()?

Hacky fixes, different approaches, and resources are all welcome. I feel like I'm close, like there's a simple way to use cookies that I'm overlooking.

I will be continuing to research and detail the approaches I'm considering Edit1: Looking at Flask's should_set_cookie method

Improve this question
0

2 Answers 2

Reset to default
1

Try fetch with credentials:'include' to cause browsers to send a request with credentials included on the server side calls:

fetch('deploy', {
  method: 'GET',
  credentials: 'include'
}).then(navigate);

Using this, you will access session['contract_address'] in the results route.

The flask-session sets a cookie with a key session in your browser, fetch with credentials:'include' includes this cookie value in the network call.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Session in flask is implemented as a client session, saving all session content as client cookies. The flask-session extension provides some other server storage for session. E.g. app.config["SESSION_TYPE"] = "filesystem" save session content in a file on the server.

But both of the approaches still depends on Cookie. The server-side session storage need to get a session_id from client Cookie.

You need to enable cookie sending on Fetch API.

fetch, sending cookies

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.