A: You create a middleware function (e.g. checkLogin) that checks whether req.session (or req.session.userId or a flag like req.session.loggedIn) is set. If not, redirect to login or return a 401/403 response. Use this middleware on routes that require authentication (e.g. app.get(‘/welcome’, checkLogin, (req, res) => {…})). In logout route, destroy the session (req.session.destroy(…)) and redirect. The blog shows exactly this pattern.
