I have two identical Flask applications deployed on two AWS EC2 instances. Then I have elastic load balancing in front of these two machines.
I use standard cookie-based session management for authentication and the @login_required annotation to protect routes.
Everything works fine when the load balancer is set to sticky, but as soon as I start sending a request to a machine that did not perform initial authentication (not sticky), I get auth errors.
I have the same secret key in my configuration for both servers:
WTF_CSRF_ENABLED = True
SECRET_KEY = "my_key"
My user is stored in the database:
@login_manager.user_loader
def load_user(id):
    return User.query.get(id)
Is it possible to share encrypted Flask sessions across different machines for real statelessness?
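The following is an added example, not part of the original post: a standard-library model of signed-cookie sessions that checks whether a cookie issued by one instance verifies on every other instance behind the load balancer. Flask's default session is a signed cookie produced by itsdangerous; this model uses plain HMAC-SHA256 rather than Flask's cookie format, and `Instance`, `cross_check`, the instance names and the key strings are hypothetical.

```python
import base64
import hashlib
import hmac
import json

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Instance:
    """One app server behind the load balancer (simplified model)."""
    def __init__(self, name: str, secret_key: str):
        self.name = name
        self._key = secret_key.encode()

    def _sign(self, payload: str) -> str:
        return b64(hmac.new(self._key, payload.encode(), hashlib.sha256).digest())

    def issue_cookie(self, session: dict) -> str:
        payload = b64(json.dumps(session, sort_keys=True).encode())
        return payload + "." + self._sign(payload)

    def read_cookie(self, cookie: str):
        """Return the session dict, or None if the signature does not verify."""
        payload, sep, sig = cookie.rpartition(".")
        expected = self._sign(payload)
        if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        return json.loads(unb64(payload))

def cross_check(instances, session):
    """Issue a cookie on each instance and verify it on all of them.
    Returns the (issuer, verifier) pairs where verification fails."""
    failures = []
    for issuer in instances:
        cookie = issuer.issue_cookie(session)
        for verifier in instances:
            if verifier.read_cookie(cookie) != session:
                failures.append((issuer.name, verifier.name))
    return failures

if __name__ == "__main__":
    sample = {"_user_id": "42"}  # constructed sample session
    same = [Instance("ec2-a", "shared-key"), Instance("ec2-b", "shared-key")]
    drift = [Instance("ec2-a", "shared-key"), Instance("ec2-b", "other-key")]
    print("same key:", cross_check(same, sample))
    print("key drift:", cross_check(drift, sample))
```

Because the cookie carries both the session data and its signature, no server-side state is needed: any instance holding the same key can verify it, and an instance whose effective key differs rejects it.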