Is it safe to store User ID within the Flask session?
To summarise answers given in the comments:
- Cookie can be tampered with but if Flask session security is enabled, such tampered session will be thrown away, forcing the client to re-login
- The session data Base64-encoded within the cookie can be quite easily viewed. Therefore anything that your clients are not supposed to see should not be included there