Flask-EncryptedSession is a replacement for the default Flask session. In addition to signing, it encrypts the cookie using the keyczar library. It is based on (and provides a similar interface to) Werkzeug's SecureCookie and Flask's SecureCookieSession and SecureCookieSessionInterface.

In addtion to Flask, Flask-EncryptedSession requires pyasn1, PyCrypto, and python-keyczar.

$ pip install http://keyczar.googlecode.com/files/python-keyczar-0.71b.tar.gz
$ pip install https://github.com/saltycrane/flask-encryptedsession/tarball/master

$ mkdir -p /tmp/keys
$ keyczart create --location=/tmp/keys --purpose=crypt
$ keyczart addkey --location=/tmp/keys --status=primary

from flask import Flask
from flask_encryptedsession.encryptedsession import (
    EncryptedCookieSessionInterface)

app = Flask(__name__)
app.session_interface = EncryptedCookieSessionInterface("/tmp/keys")

from datetime import datetime

from flask import Flask, session
from flask_encryptedsession.encryptedsession import (
    EncryptedCookieSessionInterface)


app = Flask(__name__)
app.debug = True
app.session_interface = EncryptedCookieSessionInterface("/tmp/keys")


@app.route("/")
def hello_world():
    now = str(datetime.now())
    last_visit = session.get('last_visit', 'Never')
    page = "Today's date: %s<br> Last visit: %s" % (now, last_visit)
    session['last_visit'] = now
    return page


if __name__ == '__main__':
    app.run()

$ git clone git@github.com:saltycrane/flask-encryptedsession.git
$ cd flask-encryptedsession
$ pip install http://keyczar.googlecode.com/files/python-keyczar-0.71b.tar.gz
$ pip install -e ./
$ python setup.py test