Session Storage

It is often useful to store information relevant to a user of the app for the duration of that usage session. For example the user may choose to want to save a option or be remembered as logged in. This information can either be stored client side or server side and Quart provides a system to store the information client side via Secure Cookie Sessions.

Secure Cookie Sessions

Secure Cookie Sessions store the session information on the Cookie in plain text with a signature to ensure that the information is not altered by the client. They can be used in Quart so long as the secret_key is set to a secret value.

An example usage to store a users colour preference would be,

from quart import session
...


@app.route('/')
async def index():
    return await render_template(
        'index.html',
        colour=session.get('colour', 'black'),
    )

@app.route('/colour/', methods=['POST'])
async def set_colour():
    ...
    session['colour'] = colour
    return redirect(url_for('index'))

Permanent Sessions

The cookies used by default are not set to be permanent (deleted when the browser’s session ends) to have permanent cookies session.permanent must be True when the session is modified. To set this as the default use this snippet,

@app.before_request
def make_session_permanent():
    session.permanent = True

WebSockets

Sessions can be used with WebSockets with an important caveat about cookies. A cookie can only be set on a HTTP response, and an accepted WebSocket connection cannot return a HTTP response. Therefore the default implementation, being based on cookies, will lose any modifications made during an accepted WebSocket connection.