Bug: shared global state causes word corruption when multiple sessions are active.

[jyoti-5906]

What's happening

While going through app.py I noticed that all the session state — word,
last_letter, letter_start_time, current_letter, and confidence — is
stored as plain module-level Python globals.

# app.py (lines 28–35)
current_letter = ""
confidence = 0.0
word = ""
last_letter = ""
letter_start_time = None
auto_add_delay = 5

Since Flask (and Gunicorn in the Procfile) serves requests concurrently, every
browser tab — or every user on the live Render deployment — reads and writes
these same variables with no isolation between them.

What goes wrong

Open two browser tabs at the same time and try signing different letters:

• Tab 2's prediction overwrites last_letter, which resets the auto-add timer
  for Tab 1 — so letters either get added too early or never at all
• Clicking Reset or Undo in one tab silently clears the word for
  every other active session
• The /get_word route returns a word built from a mix of inputs from
  different users

This also affects the live demo at aslproject-0oyu.onrender.com since
multiple visitors can hit it at the same time.

Suggested fix

Flask has a built-in session object (cookie-backed, per-user) that would
handle this cleanly — no extra dependencies needed.

from flask import session
import secrets

app.secret_key = secrets.token_hex(32)

# Inside /predict — read/write from session instead of globals
word = session.get('word', '')
last_letter = session.get('last_letter', '')
letter_start_time = session.get('letter_start_time', None)

# ... existing logic unchanged ...

session['word'] = word
session['last_letter'] = last_letter
session['letter_start_time'] = letter_start_time

The same pattern applies to /add_letter, /undo_letter, /reset, and
/get_word. Only app.py needs to change.

Affected file

• app.py

Notes

Happy to open a PR for this if the approach sounds good to maintainers @Sant60 .
It's a fairly self-contained change and easy to verify by opening two tabs.

[Krisha1606]

Hi @Sant60,

I would like to work on this issue under GSSoC'26.

I have reviewed the issue and understood the problem caused by shared global state across multiple sessions. I can implement a session-based solution to isolate user data, prevent state conflicts, and ensure the application behaves correctly for concurrent users.

Kindly assign this issue to me.

Thank you!

[Nairayadav]

Hi @Sant60,

I reviewed this issue and understand the root cause caused by module-level global variables being shared across concurrent Flask sessions.

I would be interested in working on this issue under GSSoC'26 if it is still available. I can implement a session-based state management approach using Flask sessions and thoroughly test multi-tab/user isolation scenarios.

Please let me know if I may proceed.

Thank you!

[Kalpnaa]

Hi @Sant60,

I would like to work on this issue under GSSoC’26 if it is still available.

I reviewed the issue and understand that the root cause is the use of module-level global variables in app.py, which causes session state to be shared across concurrent users and browser tabs.

My approach would be to:

• Replace global state variables (word, last_letter, letter_start_time, current_letter, and confidence) with Flask session-based state management.
• Update all affected routes such as /predict, /add_letter, /undo_letter, /reset, and /get_word to read/write state from session.
• Ensure each user gets isolated state to prevent cross-session interference.
• Test multi-user and multi-tab scenarios to verify Reset, Undo, prediction timing, and word generation behave correctly.

This seems like a clean and important fix for improving reliability in production.

Please consider assigning this issue to me. Thank you!