(also form-based authentication)
Form authentication definition
Form authentication is a user authentication method used by web applications. In form authentication, users are presented with an HTML form to submit their credentials (typically a username and password) for access to protected resources.
How form authentication works
- When a user attempts to access a protected resource or performs an action that requires authentication, the server redirects them to a login page. This page contains an HTML form that prompts the user to enter their credentials.
- The user fills in the form with all the required information, which is then sent to the server as an HTTP POST request.
- Upon receiving the login request, the server performs authentication checks by verifying the provided credentials against a stored user database or an authentication provider (such as LDAP).
- If the credentials are valid, the server creates a session or token to represent the authenticated user and associates it with the user’s session data on the server. This session identifier may be stored in a cookie or appended to URLs to associate subsequent requests from the user with their authenticated session data.
- After successful authentication, the server redirects the user to the originally requested resource or grants access to the protected function.
- Sessions often have a timeout duration to protect against unauthorized access — the user’s session is automatically terminated after a specified period of inactivity.