Project Challenge: Create a Login and Logout Mechanism

In this lesson, we will be authenticating users using login and maintaining a session until they logout.

We'll cover the following

Problem statement

In this challenge, you are required to add a login and log out mechanism in the project application.

In this challenge, we have already provided you with the LoginForm, login.html template and a simple login view function that returns the form to the template.

💡 What are sessions in Flask?

To differentiate between one request and another, we use sessions in Flask. The session stores the information regarding each transaction in the form of cookies. For example, if we login to a website, and then click on another page, we do not get logged out. The reason is that the session maintains our user information.

💡 How do we use sessions in Flask?

In Flask, we use the global session object to access the current session. This object is a simple dictionary. We can add or remove keys from it. For example, when a user logs in, we can insert a 'user' key in the session with the value of the current user’s object. Similarly, when the user logs out, we can remove the 'user' key from the session.

Now that we know all about sessions, let’s take a look at all the tasks that you are required to perform in this challenge.

  1. Authentication: the user should be authenticated using the data received from the form in the login view. You will have to match the information from the users list to authenticate.

  2. Invalid user data: in the case of wrong credentials, the login view should send a message to the template saying, “Wrong credentials. Please try again.”

  3. Valid user data: in case of valid user data, you have to return the message: “Successfully logged in!”.

  4. Initialize user in the session: also, in the case of successful authentication, you have to add a 'user' key in the session object before you return the template.

  5. Logout view and user removed from session: now that we have logged in the user, we will have to give them a mechanism to logout. For this purpose, you will have to create a logout view function and route. It should log the user out by removing the 'user' key from the session dictionary. Moreover, the logout view should redirect to the homepage view.

  6. Logout button in the navbar: if a user is logged in, we do not want them to be able to see the “sign up” and “login” buttons in the navigation bar. Instead, we want them to see a “logout” button that triggers the logout view function.

📌 Note:

  1. We can access the session variable inside the templates. You will need it to solve the 6th task.
  2. Flask provides us with a redirect() function, which we can use to return from a view instead of a template. This function takes the URL for the view that we want to redirect to. You will need to use url_for() to create this URL. However, be sure to add the following arguments for the sake of security.
return redirect(url_for('view_name', _scheme='https', _external=True))

📌 Note: You might be able to use this function without the _schema and _external flags locally. However, the environment on the Educative platform is configured very securely and does not allow redirecting without them.

Get hands-on with 1200+ tech skills courses.