[Flask] Flask-Security authentication in JS

Krzysztof Andrzej Sikorski krzysztof.sikorski at zerozero.pl
Thu Sep 3 15:11:48 CEST 2015



On 2015-09-03 08:55, Morgan Connolly wrote: 

> I didn't know that the browser would transmit cookies even if I used JavaScript, having never worked on a dynamic website before. I just tried adding the JavaScript, and without having to do any other work, it works how I want it to.

You were lucky. Cookies can be set with a "httponly" flag, which
prevents JavaScript from seeing them. Looks like default Flask
configuration does not set that flag.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20150903/f805908d/attachment.html>


More information about the Flask mailing list