# 🎓 Lesson 14: Using requests.Session() & Cookies

🎯 Goal

In this lesson, you’ll learn how to:

- Use `requests.Session()` to persist data (cookies, headers)

- Log into a website using `POST` requests

- Access authenticated pages using your session

- Handle simple session-based sites with BeautifulSoup


## 💻 Practice Site:

📍 https://quotes.toscrape.com/login

This page is specifically made for scraping practice and allows login with any credentials.

## ✅ Step-by-Step Example: Simulate a Login and Access a Protected Page

In [None]:
import requests
from bs4 import BeautifulSoup

# Create a session object
session = requests.Session()

# First, get the login page to retrieve the CSRF token
login_url = "https://quotes.toscrape.com/login"
response = session.get(login_url)
soup = BeautifulSoup(response.text, "lxml")

# Extract the hidden CSRF token from the login form
csrf_token = soup.find("input", {"name": "csrf_token"}).get("0")

# 📥 Login credentials and token
payload = {
    "csrf_token": csrf_token,
    "username": "testuser",
    "password": "testpass"
}

# Send a POST request to log in
response = session.post(login_url, data=payload)

# Now access a protected page with the same session
protected_url = "https://quotes.toscrape.com/"
protected_response = session.get(protected_url)
protected_soup = BeautifulSoup(protected_response.text, "lxml")

# Confirm if login was successful
if protected_soup.select_one("a[href='/logout']"):
    print("✅ Logged in successfully!")
else:
    print("❌ Login failed.")

# Extract quotes (same as before)
quotes = protected_soup.select("div.quote")

for quote in quotes:
    text = quote.select_one("span.text").text.strip()
    author = quote.select_one("small.author").text.strip()
    print(f"📝 {text} — {author}")


## Explanation

| Concept              | Description                                          |
| -------------------- | ---------------------------------------------------- |
| `requests.Session()` | Keeps cookies and headers between requests           |
| CSRF token           | Security measure (must be sent with the login form)  |
| POST login           | Simulates the login form submission                  |
| Reuse session        | Makes further requests to access "logged-in" content |


## Why Use Sessions?

- 🔐 Stay logged in (cookies are automatically stored and reused)

- ⏱ Faster than re-authenticating every time

- 📄 Access pages only available to logged-in users (e.g., dashboards)

## Practice Tasks

1. Try logging in with different usernames and passwords (they don’t matter here).

2. Print the CSRF token before sending it — understand how sites secure login forms.

3. Visit the logout page:

```bash
session.get("https://quotes.toscrape.com/logout")
```

## 🔜 Next up: Lesson  15 – Regex in BeautifulSoup

Learn how to match flexible patterns in messy HTML using `re.compile()` and regular expressions.