session disappears when request is sent from fetch

I'm trying to use Gmail API to access emails with Flask-Authlib. after user authorization, the server will put a access token in session, then it will direct to a react route /test. in the react component invoked by /test, it will send a GET request to another method in backend for email info, however, the access token doesnt exist anymore although i set session life time to be long enough.

So the flow is like this: login -> authorized(return to front end) -> send Get request to backend /index.

Any help would be appreciated.


def index():
    print(get_access_token())  # does not work
    if 'access_token' in session:
        me = gmail.get('userinfo')
        user_id =['id']
        access_token = get_access_token()
        start = time.time()
        inbox = Inbox(gmail, access_token, user_id)
        emails = inbox.emails
        end = time.time()
        return jsonify({
            "emails": emails,
            'me': user_id,
            'count': len(emails),
            'time': end - start,
            'request time': inbox.request_time
    return jsonify({
        'status': 403,
        'session': session.get('access_token')

def login():
    return gmail.authorize(callback=url_for('authorized', _external=True))

def logout():
    session.pop('access_token', None)
    return redirect(url_for('index'))

def authorized():
    resp = gmail.authorized_response()
    if resp is None:
        return 'Access denied: reason={} error={}'.format(
    session['access_token'] = (resp['access_token'], '')
    print(get_access_token())  # works
    return redirect('test')

def get_access_token():
    return session.get('access_token')


const Test = React.createClass({

  componentDidMount() {
    .then(response => {
      return response.json()
    .then(json => {
    .catch(ex => {
  render() {
    return (

  <Router history={history}>
    <Route component={App}>
      <Route path="/" component={Index} />
      <Route path="/test" component={Test} />
), document.getElementById('content'))


That's because your using fetch @see: the caveats section.

By default, fetch won't send any cookies to the server, resulting in unauthenticated requests if the site relies on maintaining a user session.

js interview questions