
User login flow in Express

Introduction

A user login flow lets people securely access their accounts on a website. It checks who they are before giving access.

When you want users to sign in to see their personal data.
When you need to protect parts of your website from strangers.
When users must enter a username and password to use your app.
When you want to keep track of who is using your service.
When you want to show different content based on who is logged in.
Syntax
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  // Check username and password
  if (validUser(username, password)) {
    req.session.user = username;
    res.send('Login successful');
  } else {
    res.status(401).send('Invalid credentials');
  }
});

Use app.post to handle login form submissions, so the credentials travel in the request body rather than in the URL.

Access form data with req.body after using middleware like express.json() or express.urlencoded().

Examples
Simple check for fixed username and password.
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (username === 'user' && password === 'pass') {
    res.send('Welcome!');
  } else {
    res.status(401).send('Wrong login');
  }
});
Check username and password from a database asynchronously.
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  database.findUser(username).then(user => {
    if (user && user.password === password) {
      req.session.user = user.id;
      res.send('Logged in');
    } else {
      res.status(401).send('Invalid login');
    }
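  }).catch(() => {
    // Without this handler a failed lookup would leave the request hanging.
    res.status(500).send('Login failed');
  });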
});
Sample Program

This example shows a simple login flow using Express. It serves a login form, checks credentials, saves the user in session, and protects a dashboard page.

Express
import express from 'express';
import session from 'express-session';

const app = express();

app.use(express.urlencoded({ extended: true }));
// Demo value only: in a real app, load a long random secret from configuration, not source code.
app.use(session({ secret: 'secret-key', resave: false, saveUninitialized: true }));

const users = { user1: 'password123' };

app.get('/login', (req, res) => {
  res.send(`<form method='POST' action='/login'>
    <label for='username'>Username:</label>
    <input id='username' name='username' required />
    <label for='password'>Password:</label>
    <input id='password' name='password' type='password' required />
    <button type='submit'>Login</button>
  </form>`);
});

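app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (users[username] && users[username] === password) {
    // Issue a fresh session ID on login so a pre-login ID cannot be reused (session fixation).
    req.session.regenerate((err) => {
      if (err) return res.status(500).send('Login failed');
      req.session.user = username;
      res.send(`Hello, ${username}! You are logged in.`);
    });
  } else {
    res.status(401).send('Invalid username or password');
  }
});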

app.get('/dashboard', (req, res) => {
  if (req.session.user) {
    res.send(`Welcome to your dashboard, ${req.session.user}.`);
  } else {
    res.status(401).send('Please login first');
  }
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Important Notes

Always use HTTPS in real apps to keep passwords safe.

Use session or tokens to remember logged-in users.

Never store plain passwords; use hashing in real projects.
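
An added example (not part of the original tutorial) of the hashing this note calls for: the sample program's user1 account is stored as a salted scrypt hash and checked with Node's built-in crypto module. The names hashPassword, verifyLogin and DUMMY_RECORD and the "saltHex:hashHex" record format are assumptions made for this illustration.

```javascript
// Added example: the demo account stored as a salted scrypt hash, not plain text.
// In an ES module, use: import { randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const KEY_LEN = 32; // bytes of derived key kept per user

// Returns "saltHex:hashHex". A fresh random salt makes equal passwords hash differently.
function hashPassword(password) {
  const salt = randomBytes(16);
  return `${salt.toString('hex')}:${scryptSync(password, salt, KEY_LEN).toString('hex')}`;
}

// Checked when the username is unknown, so both failure paths do the same work.
const DUMMY_RECORD = hashPassword(randomBytes(16).toString('hex'));

// store: Map of username -> "saltHex:hashHex". True only for a known user and correct password.
function verifyLogin(store, username, password) {
  // With express.urlencoded({ extended: true }) a field can arrive as an array or object.
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  const record = store.get(username);
  const [saltHex, hashHex] = (record ?? DUMMY_RECORD).split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  // Constant-time comparison; both buffers have the same length here.
  const match = timingSafeEqual(actual, expected);
  return record !== undefined && match;
}

// Constructed sample data: the tutorial's user1 account, stored as a hash.
const users = new Map([['user1', hashPassword('password123')]]);

// Constructed login attempts.
console.log(verifyLogin(users, 'user1', 'password123'));   // true
console.log(verifyLogin(users, 'user1', 'wrong'));         // false
console.log(verifyLogin(users, 'nobody', 'password123'));  // false
console.log(verifyLogin(users, 'user1', ['password123'])); // false
```

Inside a route handler, prefer the asynchronous crypto.scrypt so that hashing does not block the event loop.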

Summary

User login flow checks who you are before giving access.

Use POST routes to handle login data securely.

Sessions help keep users logged in across pages.