How Secure Is The Flask User Session?

Many times I hear people say that user sessions in Flask are encrypted, so it is safe to write private information in them. Sadly, this is a misconception that can have catastrophic consequences for your applications and, most importantly, for your users. Don't believe me? Below you can watch me decode a Flask user session in just a few seconds, without needing the application's secret key that was used to encode it.



Hey Miguel, What Are You Working On These Days?

Posted by Miguel Grinberg under Personal.

People are always curious about what I do at work. Up until some months ago, I was employed by Rackspace and worked on OpenStack development, something that made total sense and required no additional explanation. But then, in November of 2015 I decided to leave Rackspace to join an unknown little startup called SDVI Corporation. I have been working with them since.


I am constantly asked what this SDVI thing is, so I decided to put it in writing. Now, in the spirit of full disclosure, this isn't a completely innocent idea. SDVI is growing and is hiring full-stack developers, so with this article I not only want to satisfy your curiosity, but also pitch the company to those of you who might find that what we do is interesting.



"Flask At Scale" tutorial at PyCon 2016 in Portland


The tutorial lineup for PyCon 2016 in Portland, Oregon has been announced, and I'm excited to be part of it with yet another Flask tutorial. For some odd reason, not all the class information I provided with my proposal was published on the PyCon website, so I want to give you a good overview of the material I plan to cover here, to help you decide if this tutorial is for you.



Error Handling in the Real World

Below you can find the video of a talk I gave yesterday at the Python Portland user group meetup. The topic of the talk is error handling. Note that I recorded the talk myself, using screen capture software plus a voice recorder app running on my cellphone. It is a decent recording, but not professional quality by any means.

I want to thank the PDX Python user group for giving me the chance to present last night, and also my employer SDVI Corporation for sponsoring the night and bringing in pizza. By the way, did you know SDVI is hiring remote Python/JavaScript developers?



Resolving Database Schema Conflicts

If you work on a project that uses database migrations with other developers, it is likely that you have experienced migration conflicts at some point. These occur when two or more developers are merging unrelated features to the master source control branch at around the same time, with each feature requiring different changes to the database.

In this article, I'm going to describe the problem and its solution in detail, using an actual example based on my Flask-Migrate extension. While I will be using commands that are specific to Flask-Migrate and Alembic, the solution to the problem that I present here can be adapted to other database migration frameworks.



Customizing the Flask Response Class

The Flask response class, appropriately called Response, is rarely used directly by Flask applications. Instead, Flask uses it under the covers as a container for the response data returned by application route functions, plus some additional information needed to create an HTTP response.

What's not widely known is that Flask gives applications the option to replace the stock response class with a custom one, opening the door to some neat tricks. In this article I'm going to show you how to take advantage of this technique to simplify your application code.



Web Development on Windows Does Not Need To Suck

Microsoft Windows has long been considered a subpar platform for web development not based on a Microsoft technology, or in more general terms, for any kind of open source work. If you are looking for tutorials online on any open source related topic and happen to be on a Windows PC, you are going to have a lot of trouble finding material that does not assume you are on a Linux or Mac system with access to Unix-based tools.

I mostly work on a Mac computer these days, but I own and regularly use a Windows PC as well. In this article I'm going to introduce you to the open source project that I use to bridge the gap between Windows and the Unix world. This project allows me to work on my open source projects on the PC, using the same tools I use on the Mac, or on a Linux PC. The image above is a screenshot of my terminal, running on Windows 10. There you can see I have three independent very Unixy-looking console sessions. Not the type of terminal window you associate with Windows, right?



Flask-SocketIO needs your help!

Posted by Miguel Grinberg under Python, Flask.

Some of you know that for the last few weeks I have been quietly but steadily working on a significant new release of Flask-SocketIO that will be labeled 1.0, and that is practically a complete rewrite. Given that this is a fairly popular extension, I would like to ask existing users to test it and provide feedback before it is officially released.



Celery and the Flask Application Factory Pattern

After I published my article on using Celery with Flask, several readers asked how this integration can be done when using a large Flask application organized around the application factory pattern. It's a very good question, as it is non-trivial to make Celery, which does not have a dedicated Flask extension, delay access to the application until the factory function is invoked.

In this article I'm going to describe in detail how I added Celery to Flasky, the application featured in my Flask book.



My PyCon 2015 Sessions

In this short blog post I want to share the two presentations I gave at PyCon 2015, which are now available to watch on YouTube.