HTTP+HTML Form based authentication

From Seo Wiki - Search Engine Optimization and Programming Languages

Jump to: navigation, search
Persistence · Compression · HTTP Secure
ETag · Cookie · Referrer · Location
Status codes
301 Moved permanently
302 Found
303 See Other
403 Forbidden
404 Not Found

HTTP+HTML Form based authentication, typically presently colloquially referred to as simply Form based authentication (which in actuality is ambiguous, see form based authentication for further explanation), is a technique whereby a website uses a web form to collect, and subsequently authenticate, credential information from a user agent, typically a web browser.


Interaction Summary

The steps of the technique are:

Adoption Considerations

HTTP+HTML Form-based Authentication is arguably the most prevalent user authentication technique employed on the Web today. It is the approach of choice for essentially all wikis, forums, banking/financial websites, ecommerce websites, Web search engines, Web portals, etc.

The overarching reason for this is apparently that the websites, whether by dint of simple implementation (e.g. the default configuration of website software, e.g. mediawiki, phpbb, drupal, wordpress, and commercial alternatives, etc.), or by corporate desires, e.g. branding, wish to have fine-grained control over the presentation and behavior of the solicitation for user credentials -- and the default popup dialog boxes provided by web browsers when HTTP Basic access authentication or Digest access authentication are employed (presently) don't allow for such tailoring on the part of the website provider.

Note that this -- the credence given to "user experience", not to mention branding, what the less charitable would term "simply eye candy" -- is done in the face of the security considerations enumerated below.

Security Considerations

  • This technique is inherently phishable. This is a major, pragmatic, consideration given the present-day prevalence of phishing.

See also

Personal tools

Served in 0.439 secs.