Currently, our application is missing one crucial feature: anyone can post messages in the chat, and there is also no way to determine which user sent which message. Because of this, in the next step, we will add an authentication layer to our chat application. For this, we'll need a login form and some kind of authentication handler.

In this example, we will use a typical session-based authentication. After successfully authenticating the username and password, the system will create a new session for the user and store the (random and non-guessable) session ID in a cookie on the user's browser. On subsequent requests, the authentication layer can use the session ID from the cookie to look up the currently authenticated user. ...