Form authentication

(also form-based authentication)

Form authentication definition

Form authentication is a user authentication method used by web applications. In form authentication, users are presented with an HTML form to submit their credentials (typically a username and password) for access to protected resources.

See also: tokenization, authentication server, certificate-based authentication, two-factor authentication, HTTP

How form authentication works

  • When a user attempts to access a protected resource or performs an action that requires authentication, the server redirects them to a login page. This page contains an HTML form that prompts the user to enter their credentials.
  • The user fills in the form with all the required information, which is then sent to the server as an HTTP POST request.
  • Upon receiving the login request, the server performs authentication checks by verifying the provided credentials against a stored user database or an authentication provider (such as LDAP).
  • If the credentials are valid, the server creates a session or token that represents the authenticated user and links it to that user's session data on the server. The session identifier may be stored in a cookie or appended to URLs so that subsequent requests from the user are tied to their authenticated session data.
  • After successful authentication, the server redirects the user to the originally requested resource or grants access to the protected function.
  • Sessions often have a timeout duration to protect against unauthorized access — the user’s session is automatically terminated after a specified period of inactivity.
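
The server side of the steps above, as an added example that is not code from the original page: it verifies the posted credentials, issues a session identifier in a cookie, redirects to the originally requested resource, and expires idle sessions. The user store, the PBKDF2 parameters, the 900-second timeout, the cookie attributes, and the names login, current_user and next_url are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

IDLE_TIMEOUT = 900  # assumed value: seconds of inactivity before a session ends

def hash_password(password, salt):
    # Assumed scheme: salted PBKDF2-HMAC-SHA256 instead of storing the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed user database: username -> (salt, password hash).
_salt = secrets.token_bytes(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}
SESSIONS = {}  # session id -> {"user": name, "last_seen": timestamp}

def login(username, password, next_url="/", now=None):
    """Handle the POSTed login form. Returns (status, response headers)."""
    now = time.time() if now is None else now
    # Unknown users get a dummy record so the same hashing work is done.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):  # constant-time compare
        return 401, {}
    # Fresh, unpredictable identifier created only after the checks pass.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "last_seen": now}
    # Redirect only to a local path; anything else falls back to "/".
    if not next_url.startswith("/") or next_url.startswith(("//", "/\\")):
        next_url = "/"
    cookie = f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
    return 303, {"Location": next_url, "Set-Cookie": cookie}

def current_user(sid, now=None):
    """Map the cookie value of a later request back to a user, or None."""
    now = time.time() if now is None else now
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[sid]  # idle too long: terminate the session
        return None
    session["last_seen"] = now  # activity resets the inactivity timer
    return session["user"]
```
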