Tornado’s secure cookie support in Flask

tornado-cookie-flaskI’ve recently had the chance to write a new project on AppEngine.

It’s been a long time since I tried I was too lazy (as always) to setup servers just for that.

I’ve decided to use Python but just to be sure I won’t be vendor locked into various AppEngine services I’ve decided to use:

  • Flask (instead of webapp2)
  • Cloud SQL (instead of DataStore)

This will ensure that I can break out of AppEngine easily with minimal code changes.

This was the first major Flask project I’ve written and I found its current cookie support a bit lacking compared to Tornado’s secure cookies (I won’t go into the debate of why it should be kept like that and why I’m not using a session cookie that points to the real session data somewhere else).

I’ve decided to create a small module to add Tornado’s secure cookie support into Flask.

It’s basically a modified version of the current Tornado Secure Cookie code and its quite easy to use in Flask as well.

Grab it and share your comments and opinions. It’s also available on PyPI under the name “flask-secure-cookie“.

Leave a Reply