The definitive guide to form-based website authentication

The definitive guide to form-based website authentication

We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form based authentication for websites" should be a fine topic for such an experiment.

Form-based authentication for websites

We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form based authentication for websites" should be a fine topic for such an experiment.

It should include topics such as:

  • How to log in
  • How to log out
  • How to remain logged in
  • Managing cookies (including recommended settings)
  • SSL/HTTPS encryption
  • How to store passwords
  • Using secret questions
  • Forgotten username/password functionality
  • Use of nonces to prevent cross-site request forgeries (CSRF)
  • OpenID
  • "Remember me" checkbox
  • Browser autocompletion of usernames and passwords
  • Secret URLs (public URL protected by digest)
  • Checking password strength
  • E-mail validation
  • and much more about form based authentication...

It should not include things like:

  • Roles and authorization
  • HTTP basic authentication

Please help us by:

  1. Suggesting subtopics
  2. Submitting good articles about this subject
  3. Editing the official answer


Angular 9 Tutorial: Learn to Build a CRUD Angular App Quickly

What's new in Bootstrap 5 and when Bootstrap 5 release date?

Brave, Chrome, Firefox, Opera or Edge: Which is Better and Faster?

How to Build Progressive Web Apps (PWA) using Angular 9

What is new features in Javascript ES2020 ECMAScript 2020

How to build a secure Grails 4 Application using Spring Security Core

In this Grails 4 tutorial, we will show you how to build a secure Grails 4 application using Spring Security Core Plugin. We will add the login and register function to the Grails 4 application.

Securing RESTful API with Spring Boot, Security, and Data MongoDB

A comprehensive step by step tutorial on securing or authentication RESTful API with Spring Boot, Security, and Data MongoDB

The Future of Security

Ever wonder why technology seems to be more fail by design than security and privacy based? In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security.