How to implement a good system for login/out into a webapp

Posted by Brandon Wang on Stack Overflow
Published on 2010-04-23T21:52:41Z Indexed on 2010/04/23 22:13 UTC

I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system.

Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created.

This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with.

Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

© Stack Overflow or respective owner
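
The scheme described in the question (a cookie carrying the username and a session key, verified by the server and replaced on login/out), sketched in PHP as an added example; it is not code from the original post or from PassPad. The `SessionStore` class and its in-memory array are hypothetical stand-ins for a real session table, and the usernames are constructed sample values.

```php
<?php
declare(strict_types=1);

// Hypothetical store: username => SHA-256 hash of the current session key.
// Assumption: a real deployment keeps this in a database or cache, not in memory.
final class SessionStore
{
    private array $hashes = [];

    // Login: create a fresh key, replacing any earlier one for this user.
    public function issue(string $username): string
    {
        $key = bin2hex(random_bytes(32));                 // 256 bits from the CSPRNG
        $this->hashes[$username] = hash('sha256', $key);  // keep only the hash server-side
        return $key . ':' . $username;                    // cookie value: key first (hex has no ':')
    }

    // Every request: return the username if the cookie's key matches, else null.
    public function verify(string $cookie): ?string
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2) {
            return null;                                  // malformed cookie
        }
        [$key, $username] = $parts;
        $expected = $this->hashes[$username] ?? null;
        if ($expected === null) {
            return null;                                  // no active session for this user
        }
        // hash_equals compares in constant time, so response timing does not leak the key.
        return hash_equals($expected, hash('sha256', $key)) ? $username : null;
    }

    // Logout: the current key stops working immediately.
    public function revoke(string $username): void
    {
        unset($this->hashes[$username]);
    }
}

// Constructed demonstration; run from the command line with `php`.
$store  = new SessionStore();
$cookie = $store->issue('alice');
var_dump($store->verify($cookie));                             // key issued at login
var_dump($store->verify(str_repeat('0', 64) . ':alice'));      // guessed key
$newCookie = $store->issue('alice');                           // second login rotates the key
var_dump($store->verify($cookie));                             // the earlier key after rotation
$store->revoke('alice');
var_dump($store->verify($newCookie));                          // after logout
```

When the value is sent to the browser, `setcookie()` should set the `secure` and `httponly` options so the key travels only over HTTPS and is not readable from page scripts.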
