How is Flask-Login's request_loader related to user_loader?

Question

I apologize in advance for asking a rather cryptic question. However, I did not understand it despite going through a lot of material. It would be great if you could shed some

Answer 1

To verify users with Flask-Login's session_id for frontend requests through Angular, you must set the withCredentials configuration flag to true.

That is, if you are using Angular's $http.post(url,data [,config]) or $http.get(url [,config]), make sure the config object contains the property withCredentials set to true. This will instruct the browser to use its cookies in the same way it would for a full-on page visit.

For example,

$http.post('/api/login',{username:'myusername',password:'mypassword'},{withCredentials:true})

will post the data {username:'myusername',password:'mypassword'} to your site/app's /api/login route and, if you're using Flask-Login and are logged in, Flask will know.

You can set this behavior for all $http service requests by setting

$httpProvider.defaults.withCredentials=true

somewhere in your app. Currently, I have that line of code in my app.config block, which seems appropriate to me:

var myApp = angular.module('myApp');

myApp.config(function ($httpProvider) {
  $httpProvider.defaults.withCredentials = true;
  });

(Since this post is about Flask, folks may want to send form data through Angular in such a way that it can be found in request.form, which has a similar solution, fyi.)