Dash + gunicorn + flask authentication issues with rendered dashboards

As @jinnyzor also said, you should set one secret key that will be shared by all instances of your app.

That means setting $SECRET_KEY in your environment. And I suggest changing the code to:

```python
import os

# SECRET_KEY should be secret and set at the environment level, not in the code.
server.secret_key = os.environ['SECRET_KEY']
```

That way it will raise an error if the environment variable $SECRET_KEY is not set.


I think this modification will solve your initial problem.
Regarding the way to store user information, anything that you store in dcc.Store might be seen by the user and should be considered untrusted user input.
Instead, you should store the user information in a database (Redis, SQLite, …) and retrieve the info each time thanks to the session id. As this session id is created by Flask and uses your SECRET_KEY, nobody will be able to create an id on their own. As a result, they will not be able to steal somebody else's session and somebody else's user info.

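The behaviour discussed in the reply above, as an added example that is not code from the thread: two Flask app instances stand in for two gunicorn workers, and a session cookie issued by one is replayed against the other, first with a shared key and then with per-worker keys. The names `make_worker`, `USER_DB`, `login_then_query`, `demo` and both routes are hypothetical, and an in-memory dict stands in for Redis or SQLite.

```python
import secrets
from flask import Flask, session

# Constructed stand-in for a server-side store (Redis, SQLite, ...).
USER_DB = {}

def make_worker(secret_key):
    """Build one app instance, as each gunicorn worker does at start-up."""
    app = Flask(__name__)
    app.secret_key = secret_key

    @app.route("/login/<name>")
    def login(name):
        # Only a random id goes into the signed cookie; user data stays server-side.
        sid = secrets.token_urlsafe(16)
        USER_DB[sid] = {"user": name}
        session["sid"] = sid
        return "ok"

    @app.route("/whoami")
    def whoami():
        # A cookie whose signature does not verify yields an empty session.
        record = USER_DB.get(session.get("sid"))
        return record["user"] if record else "anonymous"

    return app

def login_then_query(worker_a, worker_b, name="alice"):
    """Log in on worker_a, then replay the session cookie against worker_b."""
    resp = worker_a.test_client().get(f"/login/{name}")
    cookie = resp.headers["Set-Cookie"].split(";", 1)[0]  # "session=<signed value>"
    client = worker_b.test_client(use_cookies=False)  # pass the Cookie header through as-is
    return client.get("/whoami", headers={"Cookie": cookie}).get_data(as_text=True)

def demo():
    shared = secrets.token_hex(32)  # constructed value standing in for $SECRET_KEY
    same_key = login_then_query(make_worker(shared), make_worker(shared))
    # Per-worker keys, as happens when each process generates its own at import time.
    diff_key = login_then_query(make_worker(secrets.token_hex(32)),
                                make_worker(secrets.token_hex(32)))
    return same_key, diff_key

if __name__ == "__main__":
    print(demo())
```

With per-worker keys the second worker cannot verify the cookie's signature, so the user appears logged out whenever a request lands on a different worker.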