1

i am deploying a Flask app in Heroku and i am having problems with my sessions. The problem is that the sessions do not persist on heroku. When i open dev tools with f12 what i see is that when i login, it creates a cookie correctly but it just forgets it with a couple of redirects and it goes back to th main page. I tried everything and nothing works: I change my login to flask-login, i used heroku sticky-sessions, i created a new heroku app and still not working. In localhost everything works perfect and secret key is correctly setted.

I dont know what else to try. I think this is a heroku problem.

One other problem that this creates is that i made an if statement with jinja in my html to show differnt indexs if user was logged or not and now it only shows the index of not logged users: 

{% if current_user.is_authenticated %}
{% else %}

Here is a link to my repo (the code is in app.py): https://github.com/deloquito/hero

And here a link to my app for you to try it out: https://cerobull.herokuapp.com

I hope someone can help me to finally find this bug, thanks everyone :)

deloco
  • 43
  • 8
  • 1
    You have [already](https://stackoverflow.com/q/57715749/354577) [asked](https://stackoverflow.com/q/57691525/354577) [several](https://stackoverflow.com/q/57661902/354577) questions about redirects not working. The answer in each case was that Heroku's filesystem is ephemeral and therefore any changes you make to it will be lost frequently. Now you're [storing session data on Heroku's filesystem](https://github.com/deloquito/hero/blob/adcd9bbbbf21c5a6673d9681e01c635d1fce0610/app.py#L26-L30). Does that sound like a good idea? – ChrisGPT was on strike Sep 02 '19 at 18:03
  • Furthermore, we're not going to go off-site and dig through your code for you. I shouldn't have done it now, but I was curious if you'd made the same mistake again. In the future, please include all relevant code _here_, directly in your question, as a [mcve]. – ChrisGPT was on strike Sep 02 '19 at 18:04
  • Sorry, i am new to thw world of coding. An how can i store the session if it is not in filesystem? – deloco Sep 02 '19 at 20:16
  • What's the reason for not using normal Flask signed cookies/sessions? I would expect them to work on Heroku just fine since nothing is stored server-side (just the secret key that I assume isn't changing). – Doobeh Sep 02 '19 at 20:34
  • I am using normal flask sessions but heroku seems to not support them correctly and they just disappear – deloco Sep 02 '19 at 20:45
  • "I am using normal flask sessions"—it doesn't look like you are. The portion of your code that I linked to in my first comment explicitly says "Configure session to use filesystem (instead of signed cookies)", and then you proceed to set `app.config["SESSION_TYPE"]` to `"filesystem"`. – ChrisGPT was on strike Sep 02 '19 at 23:59

1 Answers1

1

I, on Heroku, found out that the issue was using os.urandom() in my config.py for the secret key. It was not an issue on local environment, but resulted in an extremely poor experience on Heroku.

Setting the secret key as an environment variable in Heroku resolved the issue of unstable Flask sessions for me.

Yunnosch
  • 26,130
  • 9
  • 42
  • 54
tserg
  • 41
  • 1
  • 2