Tags: javascript, python-2.7, model-view-controller, flask, flask-restful

How do server-side controllers handle multiple sessions from clients?


I come from a JavaScript background and have recently been learning the server side. I am under the impression that the controllers on the server side are in a 1-to-many ratio in terms of interacting with the client side.


And I have this code for logging in:

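    # Imports assumed from usage; the question does not show them.
    from flask import request, session
    from flask_admin import expose
    import flask_login as login

    # Method of a view class (assumed Flask-Admin; the class is not shown).
    @expose('/login/', methods=('GET', 'POST'))
    def login_view(self):
        if request.method == 'GET':
            # Render template
            pass
        if request.method == 'POST':
            # Take email and password from form and check if
            # user exists. If he does, log him in.
            login.login_user(user)

            # Store user_id in session for socketio use
            session['user_id'] = login.current_user.id

            # Redirect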

I understand that the session dictionary is like the localStorage counterpart of JavaScript, so does this mean that there is a unique controller for every unique client? Because then multiple clients would overwrite the session.user_id if they shared the same controller, right?


Solution

  • A session is created and its state is maintained on the client side (in a cookie) after a user has been authenticated.

    So when a user logs in with an email and password, the server will identify them (by checking against the valid email and password stored in the database). The server can now set the cookie with a token (and possibly an expiry time) in the response. After that, each HTTP request from that particular client will carry the token, which the server will use to identify the user.

    Basically, every session is maintained on the client side, and the controller checks its validity on the server side.
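
A standard-library sketch of the mechanism the answer describes, added here as an example (it is not part of the original answer and not Flask's own implementation): one shared `login_view` serves every client, and each client's state travels in its own HMAC-signed cookie. `SECRET_KEY`, `USERS` and the helper names are hypothetical, and the user records are constructed.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # constructed; real apps load a random secret
# Constructed users; a real app stores password hashes, never plaintext.
USERS = {"alice@example.com": ("pw-a", 1), "bob@example.com": ("pw-b", 2)}

def _mac(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()

def sign_session(data):
    """Serialize the session and append an HMAC so the client cannot alter it."""
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode())
    return (payload + b"." + _mac(payload)).decode()

def load_session(cookie):
    """Rebuild the session from one client's cookie; {} if absent or tampered."""
    if not cookie or "." not in cookie:
        return {}
    payload, mac = cookie.encode().rsplit(b".", 1)
    if not hmac.compare_digest(mac, _mac(payload)):
        return {}
    return json.loads(base64.urlsafe_b64decode(payload))

def login_view(cookie, email, password):
    """The single shared controller: returns (status, cookie for this client)."""
    session = load_session(cookie)  # per-request object, not shared between clients
    stored = USERS.get(email)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        return 401, cookie
    session["user_id"] = stored[1]
    return 302, sign_session(session)

def whoami_view(cookie):
    """Any later request: identify the user from the cookie alone."""
    return load_session(cookie).get("user_id")

if __name__ == "__main__":
    _, alice = login_view(None, "alice@example.com", "pw-a")
    _, bob = login_view(None, "bob@example.com", "pw-b")
    print(whoami_view(alice), whoami_view(bob))  # each client keeps its own user_id
    swapped = alice.rsplit(".", 1)[0] + "." + bob.rsplit(".", 1)[1]
    print(whoami_view(swapped))  # MAC does not match the payload: rejected
```

As with Flask's default cookie-based session, the payload here is signed but not encrypted: the client can read `user_id` but cannot change it without the server's secret key.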