Simple user session protection
Simple user session protection.
Here is a simple application that uses Flask-Paranoid to protect the user session:
from flask import Flask from flask_paranoid import Paranoid app = Flask(__name__) app.config['SECRET_KEY'] = 'top-secret!' paranoid = Paranoid(app) paranoid.redirect_view = '/' @app.route('/') def index(): return render_template('index.html')
When a client connects to this application, a "paranoid" token will be generated according to the IP address and user agent. In all subsequent requests, the token will be recalculated and checked against the one computed for the first request. If the session cookie is stolen and the attacker tries to use it from another location, the generated token will be different, and in that case the extension will clear the session and block the request.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Hashes for Flask_Paranoid-0.3.0-py3-none-any.whl