Skip to main content

User authentication and session management for Flask.

Project description


Tests coverage Software License

Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users' sessions over extended periods of time.

Flask-Login is not bound to any particular database system or permissions model. The only requirement is that your user objects implement a few methods, and that you provide a callback to the extension capable of loading users from their ID.


Install the extension with pip:

$ pip install flask-login


Once installed, the Flask-Login is easy to use. Let's walk through setting up a basic application. Also please note that this is a very basic guide: we will be taking shortcuts here that you should never take in a real application.

To begin we'll set up a Flask app:

import flask

app = flask.Flask(__name__)
app.secret_key = 'super secret string'  # Change this!

Flask-Login works via a login manager. To kick things off, we'll set up the login manager by instantiating it and telling it about our Flask app:

import flask_login

login_manager = flask_login.LoginManager()


To keep things simple we're going to use a dictionary to represent a database of users. In a real application, this would be an actual persistence layer. However it's important to point out this is a feature of Flask-Login: it doesn't care how your data is stored so long as you tell it how to retrieve it!

# Our mock database.
users = {'foo@bar.tld': {'password': 'secret'}}

We also need to tell Flask-Login how to load a user from a Flask request and from its session. To do this we need to define our user object, a user_loader callback, and a request_loader callback.

class User(flask_login.UserMixin):

def user_loader(email):
    if email not in users:

    user = User() = email
    return user

def request_loader(request):
    email = request.form.get('email')
    if email not in users:

    user = User() = email
    return user

Now we're ready to define our views. We can start with a login view, which will populate the session with authentication bits. After that we can define a view that requires authentication.

@app.route('/login', methods=['GET', 'POST'])
def login():
    if flask.request.method == 'GET':
        return '''
               <form action='login' method='POST'>
                <input type='text' name='email' id='email' placeholder='email'/>
                <input type='password' name='password' id='password' placeholder='password'/>
                <input type='submit' name='submit'/>

    email = flask.request.form['email']
    if email in users and flask.request.form['password'] == users[email]['password']:
        user = User() = email
        return flask.redirect(flask.url_for('protected'))

    return 'Bad login'

def protected():
    return 'Logged in as: ' +

Finally we can define a view to clear the session and log users out:

def logout():
    return 'Logged out'

We now have a basic working application that makes use of session-based authentication. To round things off, we should provide a callback for login failures:

def unauthorized_handler():
    return 'Unauthorized', 401

Documentation for Flask-Login is available on ReadTheDocs. For complete understanding of available configuration, please refer to the source code.


We welcome contributions! If you would like to hack on Flask-Login, please follow these steps:

  1. Fork this repository
  2. Make your changes
  3. Install the dev requirements with pip install -r requirements/dev.txt
  4. Submit a pull request after running tox (ensure it does not error!)

Please give us adequate time to review your submission. Thanks!

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Flask-Login-0.6.3.tar.gz (48.8 kB view hashes)

Uploaded Source

Built Distribution

Flask_Login-0.6.3-py3-none-any.whl (17.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page