Cookie-Based Authentication

In order to build my understanding of web authentication, it was suggested that I start at the beginning by implementing the most basic cookie-based authentication workflow.

The Authentication Workflow

Here is the basic workflow to be implemented:

  1. Set up a local PostgreSQL database with Users and Sessions tables.
  2. Create a basic login form with username and password fields.
  3. Implement routes for user signup, signin, and signout.
  4. On sign up:
    • Create a new user in the Users table if they don’t exist.
    • Generate a new session in the Sessions table with an expiration time.
    • Send a session cookie to the client and display a “Logged in” message.
  5. On page refresh:
    • Send the session cookie to the server.
    • Verify the session against the Sessions table.
    • Return the appropriate page based on the session validity.
  6. On sign out:
    • Delete the session cookie on the client side.
    • Expire the corresponding session in the Sessions table.
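The sign-up, refresh and sign-out steps above, carried through as one runnable example. This is added code, not the post's own implementation: it uses an in-memory SQLite database as a stand-in for the PostgreSQL Users and Sessions tables, and the function names (`signup`, `signin`, `verify_request`, `signout`, `set_cookie_header`), the cookie name `session_id` and the one-hour lifetime are all assumptions. It goes slightly beyond the plan in the post in the places where the cheap defender's defaults matter: passwords are stored as salted PBKDF2 hashes rather than plaintext, the Sessions table holds a SHA-256 hash of the token rather than the token itself (so a copy of the table does not hand out live sessions), and the cookie is issued with `HttpOnly`, `Secure` and `SameSite=Lax`.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"          # assumed cookie name
SESSION_TTL = timedelta(hours=1)    # assumed session lifetime


def init_db(conn):
    """Create the Users and Sessions tables (SQLite stand-in for PostgreSQL)."""
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS users (
            id INTEGER PRIMARY KEY,
            username TEXT UNIQUE NOT NULL,
            salt BLOB NOT NULL,
            password_hash BLOB NOT NULL
        );
        CREATE TABLE IF NOT EXISTS sessions (
            token_hash TEXT PRIMARY KEY,       -- SHA-256 of the cookie value
            user_id INTEGER NOT NULL REFERENCES users(id),
            expires_at TEXT NOT NULL           -- ISO-8601, UTC
        );
    """)


def _now():
    return datetime.now(timezone.utc)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _hash_token(token):
    return hashlib.sha256(token.encode()).hexdigest()


def signin(conn, username, password):
    """Check the password; on success create a session row and return the raw token."""
    row = conn.execute("SELECT id, salt, password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    user_id, salt, stored = row
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)          # 256 bits from the CSPRNG
    expires = _now() + SESSION_TTL
    conn.execute("INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)",
                 (_hash_token(token), user_id, expires.isoformat()))
    return token


def signup(conn, username, password):
    """Create the user if they don't exist, then sign them in."""
    exists = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    if not exists:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users (username, salt, password_hash) VALUES (?, ?, ?)",
                     (username, salt, _hash_password(password, salt)))
    return signin(conn, username, password)


def set_cookie_header(token):
    """Value of the Set-Cookie header sent to the client after login."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    cookie[COOKIE_NAME]["httponly"] = True     # not readable from page JavaScript
    cookie[COOKIE_NAME]["secure"] = True       # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["max-age"] = int(SESSION_TTL.total_seconds())
    return cookie.output(header="").strip()


def verify_request(conn, cookie_header, now=None):
    """On page refresh: look the cookie up in Sessions; return user_id or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if COOKIE_NAME not in cookie:
        return None
    token_hash = _hash_token(cookie[COOKIE_NAME].value)
    row = conn.execute("SELECT user_id, expires_at FROM sessions WHERE token_hash = ?",
                       (token_hash,)).fetchone()
    if row is None:
        return None
    user_id, expires_at = row
    if datetime.fromisoformat(expires_at) <= (now or _now()):
        conn.execute("DELETE FROM sessions WHERE token_hash = ?", (token_hash,))  # clean up
        return None
    return user_id


def signout(conn, token):
    """Expire the session row and return a Set-Cookie value that clears the cookie."""
    conn.execute("UPDATE sessions SET expires_at = ? WHERE token_hash = ?",
                 (_now().isoformat(), _hash_token(token)))
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = ""
    cookie[COOKIE_NAME]["max-age"] = 0
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    init_db(db)
    tok = signup(db, "alice", "correct horse battery staple")   # constructed sample user
    print("Set-Cookie:", set_cookie_header(tok))
    print("refresh ->", verify_request(db, f"{COOKIE_NAME}={tok}"))
    print("Set-Cookie:", signout(db, tok))
    print("after signout ->", verify_request(db, f"{COOKIE_NAME}={tok}"))
```

`verify_request` takes an optional `now` so the expiry path can be exercised without waiting an hour; in a real handler the `Cookie` request header is passed straight in. Note that sign-out only marks the row expired, as the plan says, and the expired-row cleanup happens lazily on the next lookup.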

For now, the focus is on understanding the core concepts and flow rather than security. When this example is finished, it can be expanded upon later.