connect.bodyParser(), connect.cookieParser(), connect.session({secret: 'my app secret'}) , function(req, res, next) { if(req.url == '/' && req.session.logged_in) { res.writeHead(200, {'Content-Type': 'text/html'}); res.end( 'welcome back, <h3>' + req.session.name + '</h3>' + '<a href="/logout">Logout</a>' ); res.end('wrong username/password'); } else { req.session.logged_in = true; req.session.name = users[req.body.user].name; res.end('Authenticated'); function(req, res, next){ if(req.url == '/logout') { req.session.logged_in = false; res.writeHead(200, {'Content-Type': 'text/html'}); res.end('Logged Out');