I need to store a variable that I can access between 2 views in Flask. Each view will be a different client request. The variable needs to be as secure as possible as it contains the users password. I need to share the password between 2 views as the user first enters the password to log in to the app, after which I then use the password entered to authenticate to a proxy server via a second client request. I cannot write this password to disk on the server or put it in a database.
I've been looking at server side session variables using http://pythonhosted.org/Flask-Session/ but I am concerned about using Flask Session as it's not the most secure method for this type of scenario. My idea was to use the Flask Session library but encrypt the password using an AES-256 key on the server, thus being able to access the value in my second view using the server side session variable that is encrypted and decrypt this in the python function. I don't expect to load balance the app at this point, but if I did need to, I could use the same AES keys across the servers.
I've been looking around but yet to find the best solution so can anyone give guidance on how to best approach this?
I'm using the latest version of Flask running on Python 2.7.10.
Thanks in advance. Oli
