Week 5 — 36 / 38

Cookies

One disadvantage of web browsers as an execution environment is security: users are constantly downloading and executing arbitrary, untrusted JavaScript code from third parties. You don't really want to be storing passwords or API keys in places where JavaScript can get to them. But you often want some kind of persistence so the user doesn't get logged out if they refresh the page or close the tab.

One way to do that is with cookies: small pieces of data the browser stores and then includes in subsequent HTTP requests. By default, cookies are sent only to the domain that created them, and they can be created with the HttpOnly flag to make them inaccessible to JavaScript.

Here's a good example of reading and writing cookies with Flask: https://stackoverflow.com/a/46664792
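
The following is an added example, not code from this page or from the linked answer. It writes an HttpOnly session cookie next to a script-readable preference cookie, then reads the session cookie back on a later request. The route names, cookie names, the in-memory `SESSIONS` store and the sample user are assumptions made for the demo, and the `secure` and `samesite` settings go beyond the HttpOnly flag described above.

```python
import secrets
from flask import Flask, make_response, request

app = Flask(__name__)
SESSIONS = {}  # session id -> username, kept server-side (in-memory, demo only)

@app.route("/login", methods=["POST"])
def login():
    # Credential checking is omitted; the cookie handling is the point here.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = request.form["user"]
    resp = make_response({"status": "logged in"})
    # Session identifier: hidden from scripts, HTTPS only, limited cross-site sending.
    resp.set_cookie("session_id", sid, httponly=True, secure=True, samesite="Lax")
    # Harmless UI preference: left without HttpOnly so page scripts can read it.
    resp.set_cookie("theme", "dark", secure=True, samesite="Lax")
    return resp

@app.route("/me")
def me():
    # The browser sends the cookie back automatically; the server only looks it up.
    user = SESSIONS.get(request.cookies.get("session_id", ""))
    if user is None:
        return {"error": "not logged in"}, 401
    return {"user": user}

def script_readable(set_cookie_headers):
    """Names of cookies a page script could read via document.cookie (no HttpOnly)."""
    names = []
    for header in set_cookie_headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        if "httponly" not in {a.lower() for a in attrs}:
            names.append(pair.split("=", 1)[0])
    return names

def demo():
    client = app.test_client()   # keeps cookies between requests, like a browser
    base = "https://localhost"   # Secure cookies are only meant to travel over HTTPS
    before = client.get("/me", base_url=base).status_code
    login_resp = client.post("/login", data={"user": "alice"}, base_url=base)
    headers = login_resp.headers.getlist("Set-Cookie")
    after = client.get("/me", base_url=base).get_json()
    return before, headers, after

if __name__ == "__main__":
    before, headers, after = demo()
    print(before, after, script_readable(headers))
```

Only the `theme` cookie would show up in `document.cookie`; the session identifier still reaches the server on every request but stays out of reach of scripts running in the page.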