One of the useful features of my Flask-SocketIO extension is the test client, which allows you to write Socket.IO unit tests. A long time limitation of the test client was that it did not see cookies set by Flask, such as the user session. This complicated writing Socket.IO tests for applications that require authentication, because most authentication mechanisms write something to the user session or a custom cookie. The use case that caused pain to a lot of developers was applications that use Flask-Login combined with Flask-SocketIO. To unit test such an application you had to resort to weird tricks such as mocking the current_user variable.

I recently came up with a solution to this problem, so I'm glad to report that this limitation is now a thing of the past. In this short article I want to show you how to set up your project to take advantage of the new cookie support in the Socket.IO test client.

For many types of applications, at times it is necessary to pause the running of the program until some external condition occurs. You may need to wait until another thread finishes, or maybe until a new file appears in a directory on disk that is being watched.

In these and many other situations you will need to figure out a way to make your script wait, and this isn't as easy as it sounds if you want to do it properly! In this article I'm going to show you a few different ways to wait. I'm going to use Python for all the examples, but the concepts I'm going to present apply to all programming languages.

There are plenty of tutorials that cover the basic measures you need to take to secure a Linux server, including my own. What usually falls outside the scope of these tutorials is what other steps are recommended for a server that is going to be accessed by multiple people, such as a group of developers all working together as a team. Group access to a server introduces some challenges, as you will need to implement procedures to grant and revoke access as team members come and go, and do so without any compromises on security.

It's been over a year since I wrote my guide on setting up a cheap Chromebook for web development. In that article, I presented three different ways to install a Linux distribution instead of, or sometimes alongside ChromeOS, the native Chromebook operating system. These three methods were all a bit hacky. One required running a heavily sandboxed Android app, while for the other two you had to put the machine in developer mode, which bypasses some of the security measures that make the Chromebook one of the most secure laptops you can find.

Since I wrote that article in September 2017 there's been a new development. Now there is a fourth method of running a native Linux distribution, available to most Chromebook models from the last few years. What makes this new method interesting is that it is an officially supported feature of ChromeOS, so there is no need to activate developer mode, and no need to make concessions on the highly regarded Chromebook security model. This method is based on container technology, and is known by the project name Crostini.

In this short article and video I want to give you a few tips on setting up a PyCharm project for your Flask application. The idea is to set up a Flask application so that it can be executed, debugged, and tested from inside PyCharm Community Edition, which is fantastic IDE for Python that is completely free to download and use. If you want to see me go through the exercise, watch the video below. Then you can come to the article if you want a quick reference and summary of the steps required.

JSON Web Tokens offer a simple and powerful way to generate tokens for APIs. These tokens carry a payload that is cryptographically signed. While the payload itself is not encrypted, the signature protects it again tampering. In their most common format, a "secret key" is used in the generation and verification of the signature. In this article I'm going to show you a less known mechanism to generate JWTs that have signatures that can be verified without having access to the secret key.

In this live webcast I explain how to prevent circular dependency errors in Python. Most of this presentation is a live coding session in which I refactor a single-file Flask application into a fully fleshed out structure with multiple packages and modules, demonstrating how I completely avoiding circular dependencies.

This is the twenty third and last installment of the Flask Mega-Tutorial series, in which I'm going to tell you how to extend microblog with an application programming interface (or API) that clients can use to work with the application in a more direct way than the traditional web browser workflow.

This is the twenty second installment of the Flask Mega-Tutorial series, in which I'm going to tell you how to create background jobs that run independently of the web server.

This is the twenty first installment of the Flask Mega-Tutorial series, in which I'm going to add a private message feature, along with user notifications that appear in the navigation bar without the need to refresh the page.