Web Design Best Practices
Web Application Authentication Tutorial:
Introduction to the Login process.
Probably one of the most common tasks for a web application is to implement some type of authentication to ensure users only get access to the portions of the web application they are permitted to access.
The first thing a many developers will want to start with is a login form, like the basic login form we are about to see. A novice developer may often ask how to implement a login page using just HTML tags, JavaScript and a text file. Sorry to say, it can't be done that way. The users and their passwords will need to be stored in a database1 and they will need a server side scripting language2 to connect their login form to the database.
Unfortunately, the login form is just the beginning of many things that need to be considered.
Let's look first at what at first glance is the login process.
- The user navigates to the login page, (possibly via a hyperlink.)
- The login page presents a form requesting user id and password.
- The user enters user id and password and submits the form.
- Server side code retrieves the posted values for user id and password and the values are used to query the database table to authenticate the user.
- The user is presented with a success or failure message.
- Some state mechanism is set to indicate that the user is authenticated.
Okay. That's pretty simple, and that is what this basic login page does. Let's take a look:
