Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am building a new website where a user can login. I see three possible options:
1. classic type login:
<form action="/login.php" method="POST">
</form>
and the submit button goes to login.php and validates and redirects if success
2. ajax type login:
Same as above but do an ajax call instead and then the javascript redirects.
3. iframe login:
Same idea as stackoverflow/openid
What is the most secure and best way to do this?
well, in my opinion options 1 & 2 should use post, and in your code you should make sure the request is post. you should also add in other session logic against spoofing if you want the application to be super secure, but this is preferential to the developer and the application. i find iframes to be evil and many hackers use iframes to hack unknowing user’s accounts. openid is a trustworthy way to login and is becoming more widely adopted, as well as the facebook version of openid. i know they use the iframe method, but verification is doubled and i believe https is required to implement these type of logins.
again all of this is just my opinion and mostly reliant on the developer’s design and business needs/requirements of the application.
hope this helps 🙂