Concept Flow - User login flow

User sends login request

↓

Server receives request

↓

Extract username & password

↓

Check user in database

↓

Compare password

↓

Password match?

↓

Create session

↓

Send success response

This flow shows how a server handles a user login request step-by-step, checking credentials and responding accordingly.

Execution Sample

Express

app.post('/login', async (req, res) => {
  const { username, password } = req.body;
  const user = await db.findUser(username);
  if (!user) return res.status(401).send('User not found');
  if (user.password !== password) return res.status(401).send('Wrong password');
  req.session.userId = user.id;
  res.send('Login successful');
});

This code handles a login POST request, checks user credentials, and sends success or error responses.

Execution Table

Step	Action	Input/Condition	Result/Output
1	Receive POST /login	Request body: {username: 'alice', password: '1234'}	Proceed to extract credentials
2	Extract username & password	username='alice', password='1234'	Variables set
3	Find user in database	username='alice'	User found: {id:1, username:'alice', password:'1234'}
4	Check if user exists	user found	Continue to password check
5	Compare passwords	input='1234' vs stored='1234'	Passwords match
6	Create session	Set req.session.userId=1	Session created
7	Send response	Login successful	Response sent to client
8	End	All steps done	Login flow complete

💡 Login flow ends after sending success response or error if user not found or password mismatch

Variable Tracker

Variable	Start	After Step 2	After Step 3	After Step 5	After Step 6	Final
username	undefined	'alice'	'alice'	'alice'	'alice'	'alice'
password	undefined	'1234'	'1234'	'1234'	'1234'	'1234'
user	undefined	undefined	{id:1, username:'alice', password:'1234'}	{id:1, username:'alice', password:'1234'}	{id:1, username:'alice', password:'1234'}	{id:1, username:'alice', password:'1234'}
req.session.userId	undefined	undefined	undefined	undefined	1	1

Key Moments - 3 Insights

Why do we check if the user exists before comparing passwords?

What happens if the password does not match?

Why do we store user ID in the session?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the value of 'user' after step 3?

A{id:1, username:'alice', password:'1234'}

Bundefined

Cnull

D'alice'

Concept Snapshot

User login flow in Express:
- Receive POST /login with username & password
- Find user in database
- If user not found, send error
- Compare passwords
- If mismatch, send error
- If match, create session
- Send success response
Always check user exists before password

Full Transcript

This visual execution trace shows how an Express server handles a user login request. First, the server receives a POST request with username and password. It extracts these values and looks up the user in the database. If the user is not found, it immediately sends an error response. If the user exists, it compares the provided password with the stored password. If they do not match, it sends a wrong password error. If they match, the server creates a session by storing the user ID and sends a success response. Variables like username, password, user, and session data change step-by-step as shown. Key moments include checking user existence before password comparison and storing user ID in session to keep the user logged in. The quiz questions help reinforce understanding of variable states and flow steps.