Store the active user’s ID in the session, and let you log them in and out easily.
Let you restrict views to logged-in (or logged-out) users.
Handle the normally-tricky “remember me” functionality.
Help protect your users’ sessions from being stolen by cookie thieves.
Possibly integrate with Flask-Principal or other authorization extensions later on.
However, it does not:
Impose a particular database or other storage method on you. You are entirely in charge of how the user is loaded.
Restrict you to using usernames and passwords, OpenIDs, or any other method of authenticating.
Handle permissions beyond “logged in or not.”
Handle user registration or account recovery.