
How does login work?

Tags:

login

Well, you type a username and password into a form and hit the "OK" button. Then the data goes to the server side, which checks the users database to see if that user exists. Then it returns the user id. And what next? Is that data saved in cookies? Does it mean that with every clicked link, the site logs you in to the website again?

I mean,

  1. you click some link on the site
  2. the browser redirects you to that page
  3. the site checks your cookies
  4. the site grabs the username and password from the cookies
  5. the site checks if that data is valid (by connecting to the database)
  6. the site shows the page to you

Is that correct?

nukl asked Feb 10 '11 22:02


1 Answer

  1. User enters credential.
  2. System validates credential.
  3. Upon successful authentication, server saves user object into session.
  4. System grabs user info from session.
  5. System displays webpage.

Tadaa!! :)

UPDATE

To add a little more...

  1. User visits the secured webpage.
  2. System checks if session contains a user object.
  3. If user object exists in session, allow user through to visit the page.
  4. If user object doesn't exist, redirect user to login page.

You don't need to store user password in the session. In fact, it is highly discouraged. Checking to make sure the user object exists in the session is sufficient.

When the user clicks the logout page, then proceed to invalidate the session... that's it. :)

limc answered Sep 22 '22 02:09
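The session flow described in the answer above, as an added example that is not part of the original post: the password is checked once at login, the cookie carries only a random session id, and every later request is a server-side session lookup. The names `USERS`, `SESSIONS`, `login`, `handle_request` and `logout`, the in-memory stores, the PBKDF2 parameters and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password, salt):
    # Slow, salted hash so the user store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample data: username -> (salt, password hash).
_salt = secrets.token_bytes(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}

# Server-side session store: session id -> user object. Never sent to the browser.
SESSIONS = {}

def login(username, password):
    """Validate credentials once; return a session id for the cookie, or None."""
    # Unknown users still go through the hash so both failure paths do the same work.
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)         # unguessable, carries no user data
    SESSIONS[sid] = {"username": username}  # user object only, no password
    return sid

def set_cookie_header(sid):
    # HttpOnly keeps page scripts from reading the id; Secure restricts it to HTTPS.
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def handle_request(path, cookies):
    """Per-request check: look the session up, never re-check the password."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 302, "/login"                # no user object: redirect to login
    return 200, f"{path} for {user['username']}"

def logout(cookies):
    # Invalidate server-side so a copied cookie stops working immediately.
    SESSIONS.pop(cookies.get("session", ""), None)
```
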