README.txt

Notes for flask_blog_authenticate project, based on
https://www.digitalocean.com/community/tutorials/how-to-make-a-web-application-using-flask-in-python-3
live coding in class, adding a "login" page: a session, password, cookie, and all that.

A "session" is the web app name for the method used to keep track of a user's visits to the site, particularly in tracking whether or not they are logged in (or "authenticated").

There are a variety of ways to implement this. Flask, like many web backend systems, does have library support for authentication and sessions. See for example https://flask-session.readthedocs.io/en/latest/ . However, for now I'd rather we understand explicitly how sessions work and code our own implementation using the database and cookies.

Similarly, I'd like to look at how to correctly handle passwords in a web app: namely, using salted password hashes.

The logic goes like this:

 (1) We have tables in our database something like this:

       User ( id, username, password_hash )
       Session ( id, cookie, user_id, authenticated, expires )

 (2) We define a cookie name for our app to store the session, maybe SandyBlogDemo.

 (3) The cookie values will be random numbers, generated by the app whenever that cookie name doesn't already have a value. Whenever a new random value is generated, we also insert a row in the Session table to track this visitor.

 (4) The user logs in by supplying a username and a password. But we don't store the password; instead we store a "hash" - a string derived from the password, from which the password itself cannot be recovered - that can be used to check whether the correct password has been supplied.
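Here is an added example of steps (1)-(4) as working code. It is not code from the class notes or from the DigitalOcean tutorial; it models the session/cookie bookkeeping with the standard library only (sqlite3 in memory) so it runs without Flask. The table and column names are the ones above; COOKIE_NAME is the SandyBlogDemo name suggested in step (2); SESSION_LIFETIME and the helper names (open_db, get_or_create_session, mark_authenticated, current_user) are this example's own choices. In the Flask app, request.cookies.get(COOKIE_NAME) supplies the incoming value and response.set_cookie(COOKIE_NAME, value) sends a freshly minted one.

```python
# Added example, not code from the class notes or the DigitalOcean tutorial:
# the session/cookie bookkeeping from steps (1)-(4), modelled with the
# standard library only (sqlite3 in memory) so it runs without Flask.
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

COOKIE_NAME = "SandyBlogDemo"           # cookie name suggested in the notes
SESSION_LIFETIME = timedelta(hours=2)   # assumed lifetime; the notes don't fix one

SCHEMA = """
CREATE TABLE User (
    id            INTEGER PRIMARY KEY,
    username      TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
);
CREATE TABLE Session (
    id            INTEGER PRIMARY KEY,
    cookie        TEXT UNIQUE NOT NULL,
    user_id       INTEGER REFERENCES User(id),
    authenticated INTEGER NOT NULL DEFAULT 0,
    expires       TEXT NOT NULL            -- ISO 8601 timestamp, UTC
);
"""


def open_db():
    """Fresh in-memory database with the two tables from step (1)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


def _now():
    return datetime.now(timezone.utc)


def new_cookie_value():
    # 32 bytes from the OS CSPRNG, URL-safe base64 (43 chars). The `random`
    # module is predictable and is not suitable for session identifiers.
    return secrets.token_urlsafe(32)


def _live_session(conn, cookie_value):
    """Session row for this cookie value, or None if unknown or expired."""
    if not cookie_value:
        return None
    row = conn.execute("SELECT * FROM Session WHERE cookie = ?",
                       (cookie_value,)).fetchone()
    if row is None or datetime.fromisoformat(row["expires"]) <= _now():
        return None
    return row


def get_or_create_session(conn, cookie_value):
    """Step (3): reuse the visitor's session if the browser sent a cookie we
    know and that hasn't expired; otherwise mint a new random value and insert
    a Session row for it. Returns (cookie_value, session_row)."""
    row = _live_session(conn, cookie_value)
    if row is not None:
        return cookie_value, row
    value = new_cookie_value()
    expires = (_now() + SESSION_LIFETIME).isoformat()
    conn.execute(
        "INSERT INTO Session (cookie, user_id, authenticated, expires) "
        "VALUES (?, NULL, 0, ?)", (value, expires))
    conn.commit()
    return value, _live_session(conn, value)


def mark_authenticated(conn, cookie_value, user_id):
    """Called after a successful login: tie the session to the user."""
    conn.execute("UPDATE Session SET user_id = ?, authenticated = 1 WHERE cookie = ?",
                 (user_id, cookie_value))
    conn.commit()


def current_user(conn, cookie_value):
    """Item (c) of the TO_DO: the User row for an authenticated, unexpired
    session, or None for an anonymous or stale visitor."""
    row = _live_session(conn, cookie_value)
    if row is None or not row["authenticated"]:
        return None
    return conn.execute("SELECT * FROM User WHERE id = ?",
                        (row["user_id"],)).fetchone()


if __name__ == "__main__":
    db = open_db()
    value, _ = get_or_create_session(db, None)   # first visit: no cookie yet
    print(f"Set-Cookie: {COOKIE_NAME}={value}")
    same, _ = get_or_create_session(db, value)   # second visit: cookie sent back
    print("same session:", same == value)
```

Two things to notice: the cookie value comes from `secrets`, never from `random`, because anyone who can predict the next value can take over the next visitor's session; and every lookup checks `expires`, so a stale or unknown cookie value simply gets a new anonymous session rather than an error.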
Here are some of the topics to look up:

  "flask salt password"
     https://www.rithmschool.com/courses/intermediate-flask/hashing-passwords-flask
  "flask cookies"
     https://pythonbasics.org/flask-cookies/
  "html form password"
     https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/password
  "how do sessions and cookies work"
     https://web.stanford.edu/~ouster/cgi-bin/cs142-fall10/lecture.php?topic=cookie
     https://www.guru99.com/difference-between-cookie-session.html

-------------------------------------------------------------

TO_DO:

 (a) Get and set a (random) session cookie. As a first step, simply display it on the web page.
 (b) Modify the SQLite database to include a User and Session table.
 (c) For each visit, get the cookie, find the corresponding Session, and look for that user's info.
 (d) Create a "login" page with username & password fields.
 (e) Implement password hashing: storing & checking if valid.
 (f) Add some default dummy "test" data - username, password hash - into the database; part of the init_db.py script.
 (g) ... connect all the pieces.
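Here is an added example for items (e) and (f) (and step (4) of the logic): salted password hashing and checking with the standard library only. It is not code from the class notes; it uses hashlib.pbkdf2_hmac, and the layout of the stored string (pbkdf2_sha256$iterations$salt$digest in the one password_hash column), the helper names (hash_password, verify_password, init_db, login, fresh_db), the ITERATIONS value and the "test" account with its password are all this example's own choices, constructed as dummy data.

```python
# Added example, not code from the class notes: salted password hashing for
# TO_DO items (e) and (f), standard library only. The stored-string layout
#     pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
# is this example's own choice for the User.password_hash column; the "test"
# account and its password are constructed dummy data.
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (current OWASP figure)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the string to store. A fresh 16-byte salt per user means two
    users with the same password get different hashes, and a precomputed
    table of hashes is useless against a copy of the database."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """True if password matches the stored string; False for a wrong password
    or a malformed record. The final comparison is constant-time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        iterations = int(iterations)
    except ValueError:          # wrong field count, bad hex or bad integer
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Hash checked when the username is unknown, so a login attempt for a
# nonexistent user takes as long as one for a real user.
DUMMY_HASH = hash_password("not-a-real-password")


def init_db(conn):
    """Item (f): create the User table and seed one constructed test account."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS User ("
        " id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,"
        " password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO User (username, password_hash) VALUES (?, ?)",
                 ("test", hash_password("test-password")))   # dummy user
    conn.commit()


def fresh_db():
    """In-memory database seeded with the dummy account."""
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    return conn


def login(conn, username, password):
    """Item (e), checking side: user id on success, None otherwise. The
    plaintext password is only ever hashed, never stored or logged."""
    row = conn.execute("SELECT id, password_hash FROM User WHERE username = ?",
                       (username,)).fetchone()
    stored = row[1] if row is not None else DUMMY_HASH
    ok = verify_password(password, stored)
    return row[0] if (row is not None and ok) else None


if __name__ == "__main__":
    db = fresh_db()
    print("stored:", db.execute("SELECT password_hash FROM User").fetchone()[0])
    print("login ok:", login(db, "test", "test-password"))
    print("login bad:", login(db, "test", "wrong"))
```

The salt and iteration count are stored alongside the digest, so each account can carry its own salt and the work factor can be raised later for new hashes without invalidating old ones. In the login route the password arrives from the form's `<input type="password">` field and goes straight into `login()`; on success, that user's id is what gets written into the Session row.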