How to get login information in panel app?

I added user authentication by passing an “auth_module” to the bokeh server. I also need the user name within my panel app, so I used

pn.state.cache["username"] = username

and then

pn.state.cache.get("username", "-")

But now users found that this sometimes results in other user names that are logged in. Is there a proper way to access that value, maybe through the tornado request handler?

If I could get tornado.web.RequestHandler somehow from within my panel app, I could access the cookie that keeps the user name.


Disclaimer: I do not personally use bokeh’s authentication module, b/c I typically embed it in a Flask app and use its login/authentication extensions.

With that caveat, a quick inspection/experimentation of the bokeh server authentication example here: server_auth shows that the cookies for the user are available via


My initial recommendation would be to access these in panel for the current session associated with that document via


There is also another recent Panel Discourse post that discusses a slightly different way to access via the panel state, but that’s not as clear to me how the data for different sessions are being managed. See

I know that in bokeh documents are by definition associated with sessions, which led to the first recommendation.

Good luck.


Hi @nritsche

Panel 0.10 which is expected to ship within the next month contains oauth integration and I believe easy to use integrations with cloud providers, github, social etc. You will be able to find information on Github in a PR.

Maybe that could be useful for you?

Thanks, but it won’t help me, since I implemented my own authentication. I don’t want to use oauth.

Thanks, this helped!
I managed to get the user via

from tornado.web import decode_signed_value
secure_cookie = pn.state.curdoc.session_context.request.cookies["user"]
user = decode_signed_value(cookie_secret, "user", secure_cookie).decode("utf-8")

I had to manually pass in the cookie secret though from when I create the server. Any ideas how I could directly access that in the bokeh server settings?


In the bokeh server simple auth example on Github, the request cookies dictionary looks like the following given their implementation of the authentication module.

{'_xsrf': '2|72d4710d|dfba623db795cea77ce50adce6dda0e1|1596226420', 'user': '"bokeh"'}

So the user entry is decoded as plain text at that level. If this is not the case when wrapped in panel, my initial thought would be to pull it out in bokeh and add it as a property of the document for the user’s session.

If you have an function as part of your bokeh server implementation, you could add it as part of the on_session_created() method. See the Lifecycle Hooks section of the bokeh server documentation here

Thanks @_jm!

I thought I should be able to just read that cookie, and using the master branch of panel it works with:


But on the production installation using panel 0.9.7, I get

'NoneType' object has no attribute 'session_context'

and similar if I try to get


Do you know if this is going to work with the next panel release?

@nritsche I’ll try to get the 0.10.0 release out asap but it might still take until next week.

1 Like