Cookies persistent?

Hi, I’ve started using cookies for user identification / authentication (on a very basic level).

A compressed version of the code looks like this:

from uuid import uuid4
from streamlit_cookies_controller import CookieController
controller = CookieController()

# some code in which the user signs in with a username and password
# ...
# ...

uuid = f"{uuid4()}"
controller.set("uuid", uuid)  # after authentication: store a unique ID in the cookie

# now here is some code that stores the uuid on the server side (in a file)
# ...
# ...

Now when the user comes back, the following happens:

cookies = controller.getAll()
uuid_from_cookies = cookies.get("uuid", None)

# here is some code that will check the uuid from the cookie
# against the list of uuids that the server has stored (in a file).
# if the uuid from the cookie matches with one of the uuids
# that the server holds in a file, the user is automatically signed in

In most cases this works, but what baffles me is that restarting streamlit seems to clear the client-side cookies? I have some debug printouts that list the uuid from the cookie and the list of uuids that the server knows. After restarting streamlit, cookies = controller.getAll() results in an empty dictionary. Should cookies not survive a server restart?

Furthermore, restarting the browser (Chrome) sometimes signs me out as well, but sometimes it keeps me signed in (again, sometimes controller.getAll() results in {}).

I’m not familiar with that custom component specifically, but no files are preserved with a reboot on Community Cloud. Your environment will be reset to a fresh download from your Git repository. The custom component would have to use some external storage in order for IDs to persist through a reboot.

I’m using a local environment with persistent storage for the server-side IDs. What I observe is that the clients seem to “forget” their IDs.

Are you declaring expires or max_age when you set cookies? Looks like a one day default.

Yes, max age is set to 7 * 86400 (which should be one full week)

Does the CookieController really issue cookies to the clients (= saving cookies in the client browser)? If so, is the browser (Chrome) perhaps messing with the cookies?

expires was where the one-day expiration default came from. Can you pass today plus one week and see if that helps?

I’m not familiar with the library, but that’s what I expect from cookies. And yes, that means a user can clear away their cookies (manually or through an automated setting).

Thanks for the suggestions! It seems the problem was completely unrelated:

I had offloaded the cookie controller and the handling of cookies to a separate python file. Importing this file into my main page and sub-pages caused some pretty unpredictable behavior:

  • user got signed out seemingly at random
  • user got signed out upon refreshing the page
  • user got signed out upon closing and reopening the browser

And worst of all:

  • user2 could sign in as user1 without the correct credentials

It appears instantiating the cookie controller in an auxiliary python file makes its behavior pretty unpredictable. It also leads to multiple users being able to “share” their cookies (I suppose on the server side the cookie controller was instantiated just once when my auxiliary python file was imported for the first time, and subsequent sessions would all use the same instance of the cookie controller).

After modifying my script and handling the cookies in the main page python file, the expected behavior was achieved.

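The failure mode described in the last post, modelled as an added example (not code from the thread and not the API of streamlit_cookies_controller). `Browser`, `FakeController` and the module name `cookie_helper_demo` are constructed stand-ins; the assumption, following the poster's guess, is that a controller built at import time stays bound to the first session that triggered the import, because Python runs a module body only once per process.

```python
import secrets
import sys
import types

class Browser:
    """One user's browser with its own cookie jar (constructed stand-in)."""
    def __init__(self):
        self.cookies = {}

class FakeController:
    """Hypothetical cookie component, bound to the session that built it."""
    def __init__(self, browser):
        self._browser = browser
    def set(self, name, value):
        self._browser.cookies[name] = value
    def get(self, name):
        return self._browser.cookies.get(name)

SESSIONS = {}  # server-side store: token -> username

def sign_in(controller, username):
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    controller.set("uuid", token)

def current_user(controller):
    return SESSIONS.get(controller.get("uuid"))

def helper_controller(browser):
    """Models `import cookie_helper`: the module body runs once per process."""
    mod = sys.modules.get("cookie_helper_demo")
    if mod is None:  # first import: instance is built in this session only
        mod = types.ModuleType("cookie_helper_demo")
        mod.controller = FakeController(browser)
        sys.modules["cookie_helper_demo"] = mod
    return mod.controller  # later sessions get the cached instance

def demo():
    SESSIONS.clear()
    sys.modules.pop("cookie_helper_demo", None)
    user1, user2 = Browser(), Browser()
    sign_in(helper_controller(user1), "user1")       # user1 signs in first
    shared = current_user(helper_controller(user2))  # user2, no credentials
    isolated = current_user(FakeController(user2))   # controller built per run
    own = current_user(FakeController(user1))
    return shared, isolated, own, user2.cookies

if __name__ == "__main__":
    print(demo())
```

With the shared instance, user2's session resolves to user1 even though user2's own cookie jar is empty; building the controller inside each script run keeps the lookup tied to the requesting browser.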