Let's start with the login route. When a user submits a form with their username & password, it will take them to this route. Their credentials will be checked to see if they're correct. If they are, will save a session back to the mongodb store by making a username property on the session object with the username in it. Will then redirect the user to the admin page. If the credentials are not true then will redirect them to the index page.

We just got sent to the admin route. We'll check the req.session.username property that we set if the username & password was true. If the property has the username in it then will render the admin page. If it doesn't we'll redirect them back to index. We'll do the same thing for any other routes that will be authenticated with sessions.

Lastly, we have our logout route. Their will be a link displayed on the pages that used authentication. We want to destroy the session in the store when we click the link. We can do this by using the req.session.destroy method. This method takes 1 argument,

A callback function with an error object as it's parameter.