Project Challenge: Create a Login and Logout Mechanism
In this lesson, we will authenticate users at login and maintain a session until they log out.
Problem statement
In this challenge, you are required to add a login and log out mechanism in the project application.
We have already provided you with the LoginForm, the login.html template, and a simple login view function that returns the form to the template.
💡 What are sessions in Flask?
To differentiate between one request and another, we use sessions in Flask. The session stores the information regarding each transaction in the form of cookies. For example, if we log in to a website and then click on another page, we do not get logged out. The reason is that the session maintains our user information.
💡 How do we use sessions in Flask?
In Flask, we use the global session object to access the current session. This object is a simple dictionary. We can add or remove keys from it. For example, when a user logs in, we can insert a 'user' key in the session with the value of the current user's object. Similarly, when the user logs out, we can remove the 'user' key from the session.
Now that we know all about sessions, let’s take a look at all the tasks that you are required to perform in this challenge.
- Authentication: the user should be authenticated using the data received from the form in the login view. You will have to match the information from the users list to authenticate.
- Invalid user data: in the case of wrong credentials, the login view should send a message to the template saying, “Wrong credentials. Please try again.”
- Valid user data: in the case of valid user data, you have to return the message: “Successfully logged in!”.
- Initialize user in the session: also, in the case of successful authentication, you have to add a 'user' key in the session object before you return the template.
- Logout view and user removed from session: now that we have logged in the user, we have to give them a mechanism to log out. For this purpose, you will have to create a logout view function and route. It should log the user out by removing the 'user' key from the session dictionary. Moreover, the logout view should redirect to the homepage view.
- Logout button in the navbar: if a user is logged in, we do not want them to be able to see the “sign up” and “login” buttons in the navigation bar. Instead, we want them to see a “logout” button that triggers the logout view function.
📌 Note:
- We can access the session variable inside the templates. You will need it to solve the 6th task.
- Flask provides us with a redirect() function, which we can use to return from a view instead of a template. This function takes the URL for the view that we want to redirect to. You will need to use url_for() to create this URL. However, be sure to add the following arguments for the sake of security.

    return redirect(url_for('view_name', _scheme='https', _external=True))
📌 Note: You might be able to use this function without the _scheme and _external flags locally. However, the environment on the Educative platform is configured very securely and does not allow redirecting without them.
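The six tasks above wired together, as an added example that is not the course's own solution. Assumptions: it reads request.form directly instead of the lesson's LoginForm, uses an inline template in place of login.html, stores only the user's email under the 'user' key rather than the whole user object, and the users entry and secret key are constructed.

```python
import hmac
from flask import Flask, redirect, render_template_string, request, session, url_for

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # placeholder; load a random secret in real use

# Constructed sample data standing in for the lesson's users list.
users = [{"email": "archie@example.com", "password": "s3cret-demo"}]

# Inline stand-in for login.html; the navbar branches on the session (task 6).
PAGE = """<nav>{% if 'user' in session %}<a href="{{ url_for('logout') }}">Logout</a>
{% else %}<a href="{{ url_for('login') }}">Login</a>{% endif %}</nav>
<p>{{ message }}</p>
<form method="post"><input name="email"><input name="password" type="password">
<button>Login</button></form>"""

def authenticate(email, password):
    """Return the matching user dict, or None for unknown email or wrong password."""
    for user in users:
        same_email = hmac.compare_digest(user["email"].encode(), email.encode())
        same_pw = hmac.compare_digest(user["password"].encode(), password.encode())
        if same_email and same_pw:
            return user
    return None

@app.route("/")
def homepage():
    return render_template_string(PAGE, message="")

@app.route("/login", methods=["GET", "POST"])
def login():
    message = ""
    if request.method == "POST":
        user = authenticate(request.form.get("email", ""), request.form.get("password", ""))
        if user is None:
            message = "Wrong credentials. Please try again."
        else:
            # Store only an identifier: Flask's default session cookie is signed, not encrypted.
            session["user"] = user["email"]
            message = "Successfully logged in!"
    return render_template_string(PAGE, message=message)

@app.route("/logout")
def logout():
    session.pop("user", None)  # no KeyError if nobody is logged in
    return redirect(url_for("homepage", _scheme="https", _external=True))
```

The same message is returned for an unknown email and a wrong password, so the response does not reveal which accounts exist.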