Posts Tagged: flask-login
-
Flask-Login Session Fixation Vulnerability: How to Regenerate Session IDs After Login
Flask-Login session fixation vulnerability: the session ID is not automatically regenerated after login, so an attacker can hijack the session via pre-auth session fixation (OWASP A5). Fix: session.regenerate() after login_user(). Includes code, audit, and tests. Benchmarks: 0 vuln → secure.
-
How to Test Flask Endpoints That Require Authentication Without Hitting the Database
Testing Flask auth endpoints without a database: mock the Flask-Login user_loader and use pytest fixtures for test_client plus a fake user. Parallel-safe (500 tests/s), with zero flakes and no DB setup. Includes full app and test code.