I am building a new website where a user can log in. I see three possible options:
1. Classic type login:
<form action="/login.php" method="POST">
</form>
The submit button goes to login.php, which validates and redirects on success.
2. Ajax type login:
Same as above, but do an Ajax call instead, and then the JavaScript redirects.
3. Iframe login:
Same idea as Stack Overflow/OpenID.
What is the most secure and best way to do this?
Well, in my opinion options 1 and 2 should use POST, and in your code you should make sure the request is a POST. You should also add other session logic against spoofing if you want the application to be super secure, but this is preferential to the developer and the application. I find iframes to be evil, and many hackers use iframes to hack unknowing users' accounts. OpenID is a trustworthy way to log in and is becoming more widely adopted, as well as the Facebook version of OpenID. I know they use the iframe method, but verification is doubled and I believe HTTPS is required to implement these types of logins.
Again, all of this is just my opinion and mostly reliant on the developer's design and the business needs/requirements of the application.
Hope this helps :)
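A sketch of a `login.php` that applies the checks named in the answer above to options 1 and 2 (POST only, session handling against spoofing, no framing), added here as an example and not part of the original posts. The `csrf_token`, `username` and `password` field names, the `alice` account and `/account.php` are assumptions; the token is assumed to have been stored in the session when the form was rendered.

```php
<?php
// login.php (added example). User store, field names and redirect target are assumptions.
declare(strict_types=1);

// Refuse to be rendered inside another site's frame (clickjacking defence).
header("Content-Security-Policy: frame-ancestors 'none'");
header('X-Frame-Options: DENY');

// Session cookie: HTTPS only, hidden from scripts, not sent on cross-site POSTs.
session_set_cookie_params(['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// Credentials are accepted only in a POST body, never in a query string.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit;
}

// The form (or Ajax call) must echo the token stored in the session when the page was rendered.
$expected = (string) ($_SESSION['csrf_token'] ?? '');
$sent = $_POST['csrf_token'] ?? '';
if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
    http_response_code(400);
    exit;
}

// Constructed stand-in for a database lookup; real hashes come from password_hash() at signup.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
$hash = is_string($user) ? ($users[$user] ?? null) : null;

if ($hash !== null && is_string($pass) && password_verify($pass, $hash)) {
    session_regenerate_id(true); // fresh session id at login defeats session fixation
    $_SESSION['user'] = $user;
    unset($_SESSION['csrf_token']);
    header('Location: /account.php', true, 303);
    exit;
}

http_response_code(401);
echo 'Invalid username or password.';
```

For the Ajax variant the same handler applies; the script reads the response status and performs the redirect itself.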