User Authentication in Streamlit


Hello everyone, I hope you’re all doing well. I’m working on creating a multi-page application using Streamlit, and I want to add a login and registration feature for users. I’m using PostgreSQL to store user information.

Here’s the problem I’m facing: If a user is not logged in and clicks on any page, they should be taken to the login page. But if they are logged in, they should be directed to the main page, and from there, they should be able to navigate to other pages. However, I’ve encountered an issue where non-logged-in users can also access other pages. To fix this problem, I tried using session state to store the current username.

But now, I’m facing a new problem. When I refresh the page, the session state gets reset, which is the usual behaviour in Streamlit as it reruns everything from top to bottom. So, I’m looking for help or guidance on how to resolve this issue or should I use any other authentication technique (if so kindly tell me which one).

Storing the current username using session_state:

st.session_state.user = current_user
st.session_state.is_authenticated = True

Expected Outcome:
I need a global authentication system for logged-in users, similar to what you see in other web applications. This would allow them to freely navigate between different pages while maintaining their logged-in status.

Hi @Aritra

There are a couple approaches for implementing a user authentication in Streamlit.

Here are some tutorial blogs that shows you how

Hope this helps!


Thank you @dataprofessor for your time, I really appreciate it. I don’t want to use the Streamlit’s in-build authentication as it is less customizable and less secure. For the second approach, as I mentioned earlier if I store it using session sate, then a page refresh will reinitialize the session state values. Then it will not work for multi page application.

1 Like

Yes, the main problem is the session_state. Is there any way to have cookies for session tokens?

I use this. It works well but it’s an old package. Use hotpatched version you can find in the pull requests to get rid of warning message