GitHub user dosubot[bot] added a comment to the discussion: How to use Superset
server side sessions in the code?
<!-- Answer -->
Superset 6.0.0 uses Flask-Session for server side sessions when you set
`SESSION_SERVER_SIDE = True` in `superset_config.py` and configure a backend
like Redis (`SESSION_TYPE = "redis"`, `SESSION_REDIS = Redis(...)`). In your
code, you should still use `flask.session` (e.g., `session.get("key")` or
`session["key"] = value`) to store and retrieve context—this API hasn't
changed, but the data now lives in your backend instead of browser cookies. If
your context is getting lost, double-check that your session backend is
configured and reachable, and that you set session values before the response
is returned so Flask-Session can persist them. See the [config example and
notes
here](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L1713-L1725)
and [initialization logic
here](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py#L27-L518).
If you have a custom security manager, note that Superset 6.0.0 removed
`get_session`—use `self.session` for DB operations instead. For custom login
flows, you can still store context in `session` as before, but architectural
changes (React login UI, new backend auth views) may affect where and how you
inject custom logic. If you need to run logic on every request (e.g., session
invalidation), you can use a `FLASK_APP_MUTATOR` in your config to add a
`before_request` hook.
If session data is still not persisting, check for backend misconfiguration,
missing session commits, or issues with your custom login flow not setting
session values early enough. Let me know if you want a code snippet for a
specific use case!
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/b18ed30f-5449-4cfb-a0f6-2ee54eb85dd4?feedback_type=other)</sup>
[](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Superset%206.0.0%20uses%20Flask-Session%20for%20server%20side%20sessions%20when%20you%20set%20%60SESSION_SERVER_SIDE%20%3D%20True%60%20in%20%60superset_config.py%60%20and%20configure%20a%20backend%20like%20Redis%20%28%60SESSION_TYPE%20%3D%20%22redis%22%60%2C%20%60SESSION_REDIS%20%3D%20Redis%28...%29%60%29.%20In%20your%20code%2C%20you%20should%20still%20use%20%60flask.session%60%20%28e.g.%2C%20%60session.get%28%22key%22%29%60%20or%20%60session%5B%22key%22%5D%20%3D%20value%60%29%20to%20store%20and%20retrieve%20context%E2%80%94this%20API%20hasn%27t%20changed%2C%20but%20the%20data%20now%20lives%20in%20your%20backend%20instead%20of%20browser%20cookies.%20If%20your%20context%20is%20getting%20lost%2C%20double-check%20that%20your%20session%20backend%20is%20co
nfigured%20and%20reachable%2C%20and%20that%20you%20set%20session%20values%20before%20the%20response%20is%20returned%20so%20Flask-Session%20can%20persist%20them.%20See%20the%20%5Bconfig%20example%20and%20notes%20here%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py%23L1713-L1725%29%20and%20%5Binitialization%20logic%20here%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py%23L27-L518%29.%0A%0AIf%20you%20have%20a%20custom%20security%20manager%2C%20note%20that%20Superset%206.0.0%20removed%20%60get_session%60%E2%80%94use%20%60self.session%60%20for%20DB%20operations%20instead.%20For%20custom%20login%20flows%2C%20you%20can%20still%20store%20context%20in%20%60session%60%20as%20before%2C%20but%20architectural%20changes%20%28React%20login%20UI%2C%20new%20backend%20auth%20views%29%20may%20affect%20where%20and%20how%20you%20inject%20custom%20logic.%20If%20you%20need
%20to%20run%20logic%20on%20every%20request%20%28e.g.%2C%20session%20invalidation%29%2C%20you%20can%20use%20a%20%60FLASK_APP_MUTATOR%60%20in%20your%20config%20to%20add%20a%20%60before_request%60%20hook.%0A%0AIf%20session%20data%20is%20still%20not%20persisting%2C%20check%20for%20backend%20misconfiguration%2C%20missing%20session%20commits%2C%20or%20issues%20with%20your%20custom%20login%20flow%20not%20setting%20session%20values%20early%20enough.%20Let%20me%20know%20if%20you%20want%20a%20code%20snippet%20for%20a%20specific%20use%20case%21) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37962)
GitHub link:
https://github.com/apache/superset/discussions/37962#discussioncomment-15793155
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
