I’m trying to secure a Dash app and add multi-user login, serving every user their own data & visualisations. How I’m doing this is using flask-login and its variable called current_user and serving a multiple pages, returning the correct layout via a callback to the user only if the user is authenticated, and filtering their data in callbacks based on the current user.
I can find the following in the documentation :
Dash is designed to work in multi-user environments where multiple people may view the application at the same time and will have independent sessions .
If your app uses modified
globalvariables, then one user’s session could set the variable to one value which would affect the next user’s session.
Dash is also designed to be able to run with multiple python workers so that callbacks can be executed in parallel.
Could this cause one of the following in your opinion ?
1 - One user setting the session of the other causing user 2 not to have to login and accessing user 1’s data if user 1 didn’t log out.
2 - A callback would run on one of the “authorised worker” and an another on an unauthorised one causing non access to the data