LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

How do you verify a login with bcrypt?

Look up the user's stored hash and pass it with the submitted password to bcrypt.compare().

// Step 1: Find user in database
const user = await db.collection('users').findOne({
  username: { $eq: req.body.username }
});

// Step 2: Compare password with stored hash
const match = await bcrypt.compare(req.body.password, user.hash);
if (!match) {
  // Wrong password - reject login
}

// Step 3: Set session variable
req.session.user = req.body.username;

Never compare hashes directly - bcrypt.compare() handles the salt correctly.

From Quiz: WEBT / User Sessions | Updated: Jun 20, 2026