Code Room
Code review | Medium | cr-g258
Subject: Auth bypass | Level: Mid–Senior | ~25 min | Common in Security interviews | Industries: Software development

Question

Review this Python (Flask) login handler.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (python)

@app.route('/login', methods=['POST'])
def login():
    user = authenticate(request.form['email'], request.form['password'])
    if not user:
        return 'bad credentials', 401
    session['user_id'] = user.id
    session['role'] = user.role
    return redirect('/dashboard')