As @furas commented, it is not possible to diagnose why you keep getting stuck in a loop where the user is logged into the account and it tries to redirect to /home without seeing your code sample. But I would like to share a very simplified example of how I was able to implement some security to my website so that only users that are logged in can use certain pages.

https://github.com/code50/112825123/blob/main/cs50x/flask/finance/app.py

I used the @login_required decorator provided by the Flask-Login extension. It is used to protect routes (view functions) in a Flask application, ensuring that only authenticated users can access them.

As you can see, I have passed the @login_required decorator to all the routes except login, logout and register. Every time a user want to access a protected page, they will be redirected to the login page for authentication, which is rendered by the login view function. After a successful login, only then will this person access the home page.

Hopefully, this is helpful.