It will be a help if more advanced features like session timeout, a user not being allowed to log in from 2 different m/c, counting the number of active sessions, etc. can also be provided.
Similar guidelines which are followed in big ecommerce banking applications for login procedure for authentication, authorization, secure coding etc.
Joined: Nov 25, 2003
Please guide or help to move my thread to a different group like design patterns on the site. I am unable to find an appropriate group for posting my query.
Joined: Mar 22, 2005
Your question is very generic, and would take a book to answer comprehensively. But since you know a lot of the things that you intend to do (like authentication, authorization, etc.), what keeps you from implementing them? Have you worked on web apps before, and are you familiar with form processing, sessions, database storage etc.? How about SSL, encryption in general, XSS and SQL injection?