0π
β
In my case, the problem was colliding sessions. The vue app also makes calls to a flask api, which sets its own session. The SECRET_KEYs were different. So, when there was an api call between webserver calls (or visa versa) the session could not be decrypted and new (empty) data were returned, as if weβd never been there.
Setting the secret_keyto be the same secret did the trick.
π€ebbishop
Source:stackexchange.com