flask-login 0,1,2,1,3,0,6 travis-ci python

Flask user session management.

2 years after MIT


build status coverage

Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users' sessions over extended periods of time.

Flask-Login is not bound to any particular database system or permissions model. The only requirement is that your user objects implement a few methods, and that you provide a callback to the extension capable of loading users from their ID.


Install the extension with pip:

$ pip install flask-login


Once installed, the Flask-Login is easy to use. Let's walk through setting up a basic application. Also please note that this is a very basic guide: we will be taking shortcuts here that you should never take in a real application.

To begin we'll set up a Flask app:

import flask

app = flask.Flask(__name__)
app.secret_key = 'super secret string'  # Change this!

Flask-Login works via a login manager. To kick things off, we'll set up the login manager by instantiating it and telling it about our Flask app:

import flask_login

login_manager = flask_login.LoginManager()


To keep things simple we're going to use a dictionary to represent a database of users. In a real application, this would be an actual persistence layer. However it's important to point out this is a feature of Flask-Login: it doesn't care how your data is stored so long as you tell it how to retrieve it!

# Our mock database.
users = {'[email protected]': {'pw': 'secret'}}

We also need to tell Flask-Login how to load a user from a Flask request and from its session. To do this we need to define our user object, a user_loader callback, and a request_loader callback.

class User(flask_login.UserMixin):

def user_loader(email):
    if email not in users:

    user = User()
    user.id = email
    return user

def request_loader(request):
    email = request.form.get('email')
    if email not in users:

    user = User()
    user.id = email

    # DO NOT ever store passwords in plaintext and always compare password
    # hashes using constant-time comparison!
    user.is_authenticated = request.form['pw'] == users[email]['pw']

    return user

Now we're ready to define our views. We can start with a login view, which will populate the session with authentication bits. After that we can define a view that requires authentication.

@app.route('/login', methods=['GET', 'POST'])
def login():
    if flask.request.method == 'GET':
        return '''
               <form action='login' method='POST'>
                <input type='text' name='email' id='email' placeholder='email'></input>
                <input type='password' name='pw' id='pw' placeholder='password'></input>
                <input type='submit' name='submit'></input>

    email = flask.request.form['email']
    if flask.request.form['pw'] == users[email]['pw']:
        user = User()
        user.id = email
        return flask.redirect(flask.url_for('protected'))

    return 'Bad login'

def protected():
    return 'Logged in as: ' + flask_login.current_user.id

Finally we can define a view to clear the session and log users out:

def logout():
    return 'Logged out'

We now have a basic working application that makes use of session-based authentication. To round things off, we should provide a callback for login failures:

def unauthorized_handler():
    return 'Unauthorized'

Complete documentation for Flask-Login is available on ReadTheDocs.


We welcome contributions! If you would like to hack on Flask-Login, please follow these steps:

  1. Fork this repository
  2. Make your changes
  3. Install the requirements in dev-requirements.txt
  4. Submit a pull request after running make check (ensure it does not error!)

Please give us adequate time to review your submission. Thanks!

Related Repositories



Customizable User Account Management for Flask: Register, Confirm email, Login, ...



Flask-GoogleLogin extends Flask-Login to use Google's OAuth2 authorization ...



How to do security with angularjs and flask ...



Flask-Login 文档翻译 ...



LDAP3 Logins for Flask/Flask-Login ...

Top Contributors

maxcountryman alanhamlett miguelgrinberg markhildreth netromdk vesahautsalo eeue56 dsully bslatkin debrice anemitz dtheodor porterjamesj joelverhagen lpsinger therealmarv mattupstate FelixLoether petermanser fuhrysteve ekini chhantyal normundy alekzvik reith texuf cam-stitt cvrebert wodow dankeder


-   0.3.2 zip tar
-   0.3.1 zip tar
-   0.3.0 zip tar
-   0.2.11 zip tar
-   0.2.10 zip tar
-   0.2.9 zip tar
-   0.2.8 zip tar
-   0.2.7 zip tar
-   0.2.6 zip tar
-   0.2.5 zip tar
-   0.2.4 zip tar
-   0.2.3 zip tar
-   0.2.2 zip tar
-   0.2.1 zip tar
-   0.2.0 zip tar
-   0.1.3 zip tar
-   0.1.2 zip tar
-   0.1.1 zip tar