Thanks for the feedback! Could you elaborate on

called from a login form in your base.html

I am 'instantiating' the form in my base.html like this: {{ form.hidden_tag() }}

should I be calling a function here? Sorry to be so vague I am reluctant to link to the code hosting as this is a private project. Here are the login functions I am using:

@app.route('/login', methods=['GET', 'POST'])
@oid.loginhandler
def login():
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('index'))
form = LoginForm()
if form.validate_on_submit():
    session['remember_me'] = form.remember_me.data
    return oid.try_login(form.openid.data, ask_for=['nickname', 'email'])
    return render_template('login.html',
                       title='Sign In',
                       form=form,
                       providers=app.config['OPENID_PROVIDERS'])

and

@oid.after_login
def after_login(resp):
#somewhere in here g.user.is_authenticated() gets set to true

if resp.email is None or resp.email == "":
    flash('Invalid login. Please try again.')
    return redirect(url_for('login'))
user = User.query.filter_by(email=resp.email).first()
if user is None:
    nickname = resp.nickname
    if nickname is None or nickname == "":
        nickname = resp.email.split('@')[0]
    nickname = User.make_unique_nickname(nickname)
    user = User(nickname=nickname, email=resp.email)
    db.session.add(user)
    db.session.commit()

remember_me = False
if 'remember_me' in session:
    remember_me = session['remember_me']
    session.pop('remember_me', None)
login_user(user, remember=remember_me)
return redirect(request.args.get('next') or url_for('index'))