Decode Flask session cookie

Snippet to decode Flask session cookie.

To find the cookie in Chrome, open Inspect -> Application -> Cookies, then find the session cookie.

Here’s a short Python snippet that decodes the session cookie using zlib and base64.urlsafe_b64decode.

import zlib
import base64

def decode(cookie):
    """Decode a Flask cookie."""
    try:
        compressed = False
        payload = cookie

        if payload.startswith('.'):
            compressed = True
            payload = payload[1:]

        data = payload.split(".")[0]

        data = base64.urlsafe_b64decode(data)
        if compressed:
            data = zlib.decompress(data)

        return data.decode("utf-8")
    except Exception as e:
        return "[Decoding error: are you sure this was a Flask session cookie? {}]".format(e)

Reference:

https://www.kirsle.net/wizards/flask-session.cgi