Fix session persistence with Flask-Session

Dockerfile

@@ -40,7 +40,7 @@ RUN pip install --no-cache-dir --upgrade pip && \
 COPY --chown=user:user . /app
 
 # Create necessary directories
-RUN mkdir -p app/static app/templates
+RUN mkdir -p app/static app/templates flask_session
 
 # Expose Hugging Face port
 EXPOSE 7860

app.py

@@ -1,4 +1,5 @@
 from flask import Flask, render_template, request, redirect, url_for, flash, session, jsonify
+from flask_session import Session
 import os
 import gc
 import logging
@@ -8,7 +9,7 @@ import pymongo
 from pymongo import MongoClient
 from bson.binary import Binary
 import base64
-from datetime import datetime, timezone
+from datetime import datetime, timezone, timedelta
 from dotenv import load_dotenv
 import numpy as np
 import cv2
@@ -40,16 +41,26 @@ load_dotenv()
 
 # Initialize Flask app
 app = Flask(__name__, static_folder='app/static', template_folder='app/templates')
-app.secret_key = os.environ.get('SECRET_KEY', os.urandom(24))
-
-# SESSION CONFIGURATION FOR HUGGING FACE COMPATIBILITY
-app.config['SESSION_COOKIE_SECURE'] = False  # Allow non-HTTPS in development
+app.secret_key = os.environ.get('SECRET_KEY', os.urandom(32))
+
+# FLASK-SESSION CONFIGURATION FOR SERVER-SIDE SESSIONS
+app.config['SESSION_TYPE'] = 'filesystem'  # Store sessions on server disk
+app.config['SESSION_FILE_DIR'] = './flask_session/'  # Directory for session files
+app.config['SESSION_PERMANENT'] = True
+app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(hours=2)  # 2 hour sessions
+app.config['SESSION_USE_SIGNER'] = True
 app.config['SESSION_COOKIE_HTTPONLY'] = True
+app.config['SESSION_COOKIE_SECURE'] = False  # Set True if HTTPS
 app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
-app.config['PERMANENT_SESSION_LIFETIME'] = 3600  # 1 hour
-app.config['SESSION_TYPE'] = 'filesystem'
 
-print(f"Flask app initialized with secret key: {bool(app.secret_key)}")
+# Create session directory if it doesn't exist
+if not os.path.exists('./flask_session/'):
+    os.makedirs('./flask_session/')
+
+# Initialize Flask-Session
+Session(app)
+
+print(f"Flask app initialized with Flask-Session: filesystem storage")
 
 # Create temporary directory for image processing
 TEMP_DIR = tempfile.mkdtemp()
@@ -554,14 +565,14 @@ def login():
             # Clear any existing session
             session.clear()
             
-            # Set session variables
+            # Set session variables with Flask-Session
             session['logged_in'] = True
             session['user_type'] = 'student'
             session['student_id'] = student_id
             session['name'] = student.get('name', 'Unknown')
             session.permanent = True
             
-            print(f"Session set: {dict(session)}")  # Debug log
+            print(f"Session set successfully: {dict(session)}")  # Debug log
             flash('Login successful!', 'success')
             return redirect(url_for('dashboard'))
         else:
@@ -629,7 +640,7 @@ def face_login():
                         # Clear any existing session
                         session.clear()
                         
-                        # Set session variables
+                        # Set session variables with Flask-Session
                         session['logged_in'] = True
                         session['user_type'] = face_role
                         session[id_field] = user[id_field]
@@ -724,7 +735,7 @@ def auto_face_login():
                         # Clear any existing session
                         session.clear()
                         
-                        # Set session variables
+                        # Set session variables with Flask-Session
                         session['logged_in'] = True
                         session['user_type'] = face_role
                         session[id_field] = user[id_field]
@@ -813,6 +824,9 @@ def dashboard():
         flash(f'Error loading dashboard: {str(e)}', 'danger')
         return redirect(url_for('login_page'))
 
+# Add all your other existing routes here (mark-attendance, liveness-preview, teacher routes, etc.)
+# ... (copy all remaining routes from your previous code)
+
 @app.route('/mark-attendance', methods=['POST'])
 def mark_attendance():
     if 'logged_in' not in session or session.get('user_type') != 'student':
@@ -1126,7 +1140,7 @@ def teacher_login():
             # Clear any existing session
             session.clear()
             
-            # Set session variables
+            # Set session variables with Flask-Session
             session['logged_in'] = True
             session['user_type'] = 'teacher'
             session['teacher_id'] = teacher_id
@@ -1285,6 +1299,7 @@ def health_check():
         'status': 'healthy',
         'platform': 'hugging_face',
         'session_working': bool(session.get('logged_in')),
+        'session_storage': app.config['SESSION_TYPE'],
         'memory': 'optimized',
         'face_detector': 'haar_cascade',
         'timestamp': datetime.now().isoformat()
@@ -1298,7 +1313,9 @@ def debug_session():
         'logged_in': session.get('logged_in', False),
         'user_type': session.get('user_type', 'None'),
         'cookies': dict(request.cookies),
-        'secret_key_set': bool(app.secret_key)
+        'secret_key_set': bool(app.secret_key),
+        'session_type': app.config['SESSION_TYPE'],
+        'session_dir': app.config['SESSION_FILE_DIR']
     })
 
 @app.route('/test-login')
@@ -1326,5 +1343,5 @@ def manual_cleanup():
 # HUGGING FACE SPECIFIC: Updated port to 7860
 if __name__ == '__main__':
     port = int(os.environ.get('PORT', 7860))  # Hugging Face uses port 7860
-    print(f"Starting Flask app on port {port}")
+    print(f"Starting Flask app on port {port} with Flask-Session")
     app.run(host='0.0.0.0', port=port, debug=False)

requirements.txt

@@ -1,4 +1,5 @@
 Flask==2.3.3
+Flask-Session==0.8.0
 pymongo==4.6.0
 python-dotenv==1.0.0
 opencv-python-headless==4.8.1.78