Form-based authentication for websites
We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form-based authentication for websites" should be a fine topic for such an experiment.
It should include topics such as:
- How to log in
- How to log out
- How to remain logged in
- Managing cookies (including recommended settings)
- SSL/HTTPS encryption
- How to store passwords
- Using secret questions
- Forgotten username/password functionality
- Use of nonces to prevent cross-site request forgeries (CSRF)
- OpenID
- "Remember me" checkbox
- Browser autocompletion of usernames and passwords
- Secret URLs (public URL protected by digest)
- Checking password strength
- E-mail validation
- and much more about form-based authentication...
It should not include things like:
- Roles and authorization
- HTTP basic authentication
Please help us by:
- Suggesting subtopics
- Submitting good articles about this subject
- Editing the official answer
#security