
Flask uses the MVC (Model View Controller) Framework. Just to make this as obvious as possible, I like my Flask apps to have the following.
- Model -> models.py
- View -> views.py
- Controller -> __init__.py
Flask Sessions and Flask Cookies are similar, the primary difference being
- Flask Sessions are encrypted
- Flask Cookies are not encrypted
Let's say your Flask app has the following files.
├── main.py
├── my-project (directory)
│ ├── __init__.py
│ ├── views.py
│ ├── templates (directory)
│ │ ├── home.html
Here is a basic example of how to create a cookie named "foo" with a value of "bar".
from flask import Blueprint, render_template, make_response
blueprint = Blueprint('views', __name__)
@blueprint.route('/')
def home():
    # build the response first so that a Set-Cookie header can be attached to it
    response = make_response('creating a cookie named foo with a value of bar')
    response.set_cookie("foo", value='bar')
    return response
Now when going to the home page of your Flask app, the "foo" cookie should be added to your web browser's cookies. Well, that was easy!
Notice in the above example that Expires is "When the browsing session ends". max_age can be used so that the cookie will expire after x seconds, 3600 seconds in this example (1 hour).
from flask import Blueprint, render_template, make_response
blueprint = Blueprint('routes_home', __name__)
@blueprint.route('/')
def home():
    response = make_response('creating a cookie named foo with a value of bar that will expire in 3600 seconds (1 hour)')
    # max_age is the cookie lifetime in seconds
    response.set_cookie("foo", value='bar', max_age=3600)
    return response
I tried countless different combinations and couldn't get the domain option to create a cookie in the specified domain. For example, I first tried this and there was no cookie in the example.com domain.
from flask import Blueprint, render_template, make_response
blueprint = Blueprint('routes_home', __name__)
@blueprint.route('/')
def home():
    response = make_response('creating a cookie named foo with a value of bar that will expire in 3600 seconds (1 hour) in domain .example.com')
    # domain adds a Domain attribute to the Set-Cookie header
    response.set_cookie("foo", value='bar', domain='.example.com')
    return response
I suspect this is because "Send for" is set to "Same-site connections only". I tried samesite=None and samesite='Lax' and samesite='strict' with domain .example.com and no cookie was created in the example.com domain.
from flask import Blueprint, render_template, make_response
blueprint = Blueprint('routes_home', __name__)
@blueprint.route('/')
def home():
    response = make_response('creating a cookie named foo with a value of bar that will expire in 3600 seconds (1 hour) in domain .example.com')
    # samesite=None (the Python value) leaves the SameSite attribute off the header
    response.set_cookie("foo", value='bar', domain='.example.com', samesite=None)
    return response
What I ended up doing was to create subdomains in the same domain, such as foo.example.com and bar.example.com so that the cookie was samesite.
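An added example, not part of the original article: a standard-library model of the RFC 6265 rule a browser applies to the Domain attribute when it receives Set-Cookie, which shows when a cookie with Domain=.example.com is stored at all and which hosts it is then sent to. The function names, host names and header strings are constructed for illustration, and public-suffix checks are left out.

```python
# Added example (not from the original article): models the RFC 6265
# section 5.3 storage rule for the Domain attribute. Public-suffix checks omitted.
import ipaddress
from http.cookies import SimpleCookie


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: host equals domain or is a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return host.endswith("." + domain) and not is_ip(host)


def store_cookie(set_cookie_value, request_host):
    """Return (name, cookie_domain, host_only), or None if the browser drops it."""
    cookie = SimpleCookie()
    cookie.load(set_cookie_value)
    name, morsel = next(iter(cookie.items()))
    attr = morsel["domain"].lstrip(".").lower()  # a leading dot is ignored
    if not attr:
        return (name, request_host.lower(), True)  # host-only cookie
    if not domain_match(request_host, attr):
        return None  # Domain does not cover the responding host: ignored
    return (name, attr, False)


def sent_to(stored, host):
    """Would the stored cookie be attached to a request for `host`?"""
    if stored is None:
        return False
    _, domain, host_only = stored
    return host.lower() == domain if host_only else domain_match(host, domain)


# Constructed header values, shaped like what the set_cookie() calls above emit.
WITH_DOMAIN = "foo=bar; Domain=.example.com; Path=/"
NO_DOMAIN = "foo=bar; Path=/"

if __name__ == "__main__":
    for host in ("localhost", "127.0.0.1", "foo.example.com"):
        print(host, "->", store_cookie(WITH_DOMAIN, host))
```

In this model the Domain=.example.com cookie is dropped when the response comes from localhost or an IP address, and is stored and shared with bar.example.com when the response comes from foo.example.com.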