Hi friends,
I'm trying to remind myself of the normal and secure flow for an authenticated vs. unauthenticated user. I've been using the web for an eternity, but I would like to be sure, and maybe you can guide me through this.
What are the authentication rules?
For instance, an authenticated user cannot sign in until he/she signs out. He cannot sign in while already signed in. What about redirections after these actions... et cetera.
Is there any web resource to follow on this?
Of course, I'm using no library and implementing it myself via JWT.
All I need is a list to follow.
Thanks a lot 😀
Top comments (3)
Thank you so much, Phil, very nice article indeed. I don't think my service would hold or process information subject to GDPR. Of course, it is something to keep an eye on;
again, thank you, the article in the link is a gift.
Update:
I'm aware of the OWASP security checklist.
Also, I found this one, which is nice: cloud.google.com/blog/products/ide...
But still, I'm looking for an overall strategy for the perfect user experience.