Change Flask-Login currently logged in user

I need to implement a special superuser account with ability to change the current session to a new session of any other user. How do I change to a different account if I’m already logged in?

Answer

In the same way that you logged in the current user, call login_user with a different user instance to become that user.

You can’t acquire their actual session data though unless you’re using server side sessions. The default cookie-based session only stores the data as a cookie, which only the real user has access to.

Consider the security implications before implementing something like this. If a superuser can become any user, then only one login needs to be compromised to get everyone’s data.

Leave a Reply

Your email address will not be published. Required fields are marked *