search

mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0
1.37k stars 229 forks source link

Authentication cookie exists, but can't use st.session_state #141

Closed yhavin closed 3 months ago

yhavin commented 3 months ago

Thank you for this component, it is amazing!

The st.session_state dictionary is used for a lot of logic with authentication. However, when I maintain login status through a cookie (and I have verified the cookie is in my browser dev tools), the session state dictionary is still empty (because it reloads with every page refresh). So how am I meant to implement any logic using the authentication state? For example, having text in the sidebar that says "Logged in as \<name>" doesn't work because it can't retrieve any name from the session state.

Or an even more critical example, showing/hiding content based on login status.

What is the recommended way to use authentication status logic when maintaining login via the cookie?

Thanks in advance!

yhavin commented 3 months ago

I realise this has been partially covered in https://github.com/mkhorasani/Streamlit-Authenticator/issues/124

mkhorasani commented 3 months ago

Dear @yhavin, if you are using Streamlit-Authenticator with multi-page apps, you will have to recreate the authenticator object on each and every page and invoke the login method as shown below:

authenticator = stauth.Authenticate(
    config['credentials'],
    config['cookie']['name'],
    config['cookie']['key'],
    config['cookie']['expiry_days'],
    config['pre-authorized']
)

authenticator.login()

This is to ensure that when a user hard refreshes the page and the session state variables related to re-authentication are lost, the authenticator object is there to re-initialize them from the cookie saved on the browser.