For session management, use the Flask-Login library.
For hashing passwords, use the built-in Flask tool.
Restrict the app's protected pages to logged-in users only.
To develop a User model, use Flask-SQLAlchemy.
Users should be able to create accounts and log in using sign-up and login forms.
Import current_user from flask_login.
@application.route(...)
your_route() is the function that defines your route.
current_user.is_authenticated tells you whether the current user is logged in.
Flask-Login uses sessions for authentication by default. This means you must set the secret key on your application; otherwise Flask raises an error telling you to do so.
The login procedure appears to be safe. However, the signup form checks neither whether the user already exists nor whether the email address is already registered, unless the underlying User schema is in charge of this. You should also require a password with a minimum level of complexity.
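The signup checks described above, as an added example that is not code from the original page: the standard library's sqlite3 and hashlib stand in for Flask-SQLAlchemy and Flask's password-hashing helper so the block runs on its own. The table layout, function names, password policy and work factor are all assumptions.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

MIN_LENGTH = 12          # assumed policy; the page names no threshold
ROUNDS = 600_000         # assumed PBKDF2 work factor
RULES = (("lowercase letter", r"[a-z]"), ("uppercase letter", r"[A-Z]"), ("digit", r"\d"))

def open_db():
    """Constructed in-memory table; UNIQUE is the real duplicate guard."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, pw_hash TEXT NOT NULL,"
               " username TEXT NOT NULL UNIQUE COLLATE NOCASE,"
               " email TEXT NOT NULL UNIQUE COLLATE NOCASE)")
    return db

def password_problems(password):
    """Return the policy rules the password fails (empty list means OK)."""
    problems = [f"no {label}" for label, pat in RULES if not re.search(pat, password)]
    if len(password) < MIN_LENGTH:
        problems.insert(0, f"shorter than {MIN_LENGTH} characters")
    return problems

def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt$digest' in hex."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(stored, password):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)

def sign_up(db, username, email, password):
    """Return (ok, errors). The INSERT itself detects duplicates, so two
    concurrent signups cannot both slip past a separate SELECT check."""
    errors = password_problems(password)
    if errors:
        return False, errors
    row = (username.strip(), email.strip().lower(), hash_password(password))
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO user (username, email, pw_hash) VALUES (?, ?, ?)", row)
    except sqlite3.IntegrityError:
        return False, ["username or email already registered"]
    return True, []
```

In a Flask-SQLAlchemy User model the same guarantee comes from declaring the username and email columns unique and handling the integrity error raised on commit.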
Flask-Session is a Flask extension that adds server-side session support to your application. A session is the period of time between a client logging in to and logging out of a server. The data that must be kept for the session is saved on the server in a temporary directory.