Session-based flask app with session-id in url

I’m probably mixing things up but here’s what I’m trying to do:
I have a dash app that has some session-id stored inside a dcc.Store.
This session-id is used as a lookup in a global dictionary that stores user data.
I’d like to have this session-id inside the URL so that a user can e.g. set a bookmark to recover his/her data later.
For this, I’d need a routing rule that takes the session-id in the URL and passes it to the dcc.Store.
Is this possible or … what would be an approach to achieve something like this?

Hello @luggie

I believe this is possible by using the Input('url', 'pathname') inside the callback that returns your page’s layout.

from dash import Dash, html, dcc, State, Input, Output

app = Dash(__name__)

app.layout = html.Div([html.Div([], id='pageContent'), dcc.Store(id='sessionStore', storage_type='local'),
                       dcc.Location(id='url')])

def myLayout(inPath=False, sessionID=None):
    if inPath:
        if sessionID:
             return html.Div(f'welcome back {sessionID}')
    elif sessionID:
        return html.Div(f'welcome back {sessionID}, to return to this page use: http://127.0.0.1:8050/customData/{sessionID}')
    return html.Div("it doesn't look like we've met")

@app.callback(
    Output('pageContent', 'children'),
    Output('sessionStore','data'),
    Input('url', 'pathname'),
    State('sessionStore', 'data'),
    prevent_initial_call=True)
def display_page(pathname, sessionID):
    if 'customData' in pathname:
        try:
            sessionID = pathname.split('customData/')[1]
            return myLayout(True, sessionID), sessionID
        except IndexError:  # path contained 'customData' but no 'customData/<id>' part
            return myLayout(False, sessionID), sessionID
    return myLayout(), ''

if __name__ == '__main__':
    # host='0.0.0.0' listens on all interfaces; with debug=True, prefer 127.0.0.1 for local testing
    app.run_server(host='0.0.0.0', port=8050, debug=True)



I am assuming that you are using some sort of callback to set the session-id into the store; in this case you would have a conflict on outputs.

Now, as far as whether it is a good idea, I would say no, because you could allow other people to pull that person’s custom data with just a URL string.

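The concern raised in the answer above is that the URL becomes the only credential for the stored data. The following is an added example, not code from the thread, of a server-side lookup that uses unguessable IDs, strict path parsing and revocation; `USER_DATA`, `new_session`, `load_session` and `revoke_session` are hypothetical names, and the `/customData/` prefix is taken from the answer's code.

```python
import re
import secrets

# Hypothetical stand-in for the "global dictionary that stores user data".
USER_DATA = {}

PREFIX = "/customData/"
# secrets.token_urlsafe(32) yields 43 characters of URL-safe base64 (256 bits).
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{43}")


def new_session(data):
    """Store data under a random 256-bit ID instead of a guessable value."""
    session_id = secrets.token_urlsafe(32)
    USER_DATA[session_id] = data
    return session_id


def session_id_from_path(pathname):
    """Return the ID from an exact /customData/<id> path, or None if malformed."""
    if not pathname or not pathname.startswith(PREFIX):
        return None
    candidate = pathname[len(PREFIX):]
    # fullmatch rejects extra path segments, short IDs and unexpected characters.
    return candidate if SESSION_ID_RE.fullmatch(candidate) else None


def load_session(pathname):
    """Look up data for a bookmarked URL; malformed or unknown IDs give None."""
    session_id = session_id_from_path(pathname)
    if session_id is None:
        return None
    return USER_DATA.get(session_id)


def revoke_session(session_id):
    """Invalidate a bookmark (for example after the link was shared by mistake)."""
    return USER_DATA.pop(session_id, None) is not None


if __name__ == "__main__":
    sid = new_session({"rows": 3})  # constructed sample data
    print(load_session(PREFIX + sid))          # the stored dict
    print(load_session("/customData/alice"))   # None: not a valid token
    revoke_session(sid)
    print(load_session(PREFIX + sid))          # None: bookmark no longer works
```

Anyone who obtains the bookmark can still read the data until it is revoked, so the ID length and revocation only limit guessing and exposure time.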

Thanks! For my use case it would be perfectly OK in terms of security to have the user’s data exposed via URL string