We’ve all experienced a time when we thought we were logged into a site and tried to access a protected page. Some sites handle this better than others, by letting the user know that the requested page is only for authenticated users.

When our user tries to access protected pages without logging in or encounters an error upon login, its best we communicate this somehow to the user.

We can catch authorization issues by adding a new route or endpoint with the @login_manager.unauthorized_handler decorator:

@login_manager.unauthorized_handler def unauthorized(): # do stuff return "Sorry you must be logged in to view this page"
  • the @login_manager.unauthorized_handler decorator ensures that any time there is an authorization issue, the unauthorized() route is called
  • the message in the return statement is HTML that is served to non-authenticated users. We can replace this with a template that users who fail to login see.



Use the @login_manager.unauthorized_handler decorator to handle access errors.

Sign up to start coding

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?