How does user authentication work on the web?
User authentication is a process that verifies the identity of a user accessing a system or application. It typically involves the interaction between a server and a client, such as a web browser, to establish and maintain a secure session.
Here’s a high-level overview of how user authentication works in a typical web application:
User initiates the authentication process:
The user enters their credentials, such as a username and password, on the login page of the web application and then submits the form.
User credentials are sent to the server:
Once the user submits the form, the browser sends the credentials from the login form to the server for verification, normally over HTTPS so they are encrypted in transit.
Server verifies the credentials:
The server receives the user’s credentials and checks them against a database or some other form of user store. If the provided credentials match the stored ones, the server proceeds with the authentication process; otherwise, it returns an authentication failure message.
Session creation:
If the credentials are valid, the server creates an authenticated session for the user. The server generates a unique identifier for this session and sends it back to the client browser.
Session identifier is stored on the client:
The client (browser) stores the session identifier, usually as a cookie, to associate subsequent requests with the authenticated session.
Client includes the session identifier in subsequent requests:
With each subsequent request, the client includes the session identifier, typically as a cookie in the request headers, allowing the server to identify the session associated with the user.
Server verifies the session identifier:
When the server receives a request with a session identifier, it looks up the corresponding session data on the server. This may involve querying a session store or database to retrieve the session data associated with the provided identifier.
Access control and authorization:
Once the server has verified the session identifier and retrieved the associated session data, it can determine the user’s identity and apply the application’s permissions to that user.
Session expiration and logout:
Sessions typically have an expiration time to limit the window in which a stolen or leaked identifier can be used. The session data is invalidated on the server when the user logs out or the session expires; after that, the client’s session identifier is no longer valid for future requests.
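The server side of the flow above, from credential verification through session expiry and logout, as an added example rather than code from the original article. It assumes an in-memory dictionary as the session store; the sample user, password, cookie name and 15-minute lifetime are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

# Password hashing for the user store ("Server verifies the credentials"): a per-user
# salt and a slow KDF, so the server never keeps or compares raw passwords.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse battery", _SALT))}  # constructed sample user
_DUMMY = (secrets.token_bytes(16), secrets.token_bytes(32))  # stand-in for unknown users

SESSION_TTL = 15 * 60            # seconds until a session expires (constructed value)
SESSIONS: Dict[str, dict] = {}   # server-side store: session id -> session data

def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Verify the credentials, then create a session with an unguessable identifier."""
    now = time.time() if now is None else now
    # Hash even for unknown users so response timing does not reveal which usernames exist.
    salt, stored = USERS.get(username, _DUMMY)
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)  # 256 random bits; the cookie carries this, not the username
    SESSIONS[sid] = {"user": username, "expires": now + SESSION_TTL}
    return sid

def set_cookie_header(sid: str) -> str:
    """The Set-Cookie header that hands the identifier to the browser.
    HttpOnly keeps page scripts away from it; Secure keeps it off plain HTTP."""
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age={SESSION_TTL}"

def current_user(sid: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """Resolve a presented identifier to a user; expired sessions are purged and rejected."""
    now = time.time() if now is None else now
    session = SESSIONS.get(sid or "")
    if session is None:
        return None
    if now >= session["expires"]:
        SESSIONS.pop(sid, None)
        return None
    return session["user"]

def logout(sid: str) -> None:
    """Deleting the server-side record is what makes the cookie value useless afterwards."""
    SESSIONS.pop(sid, None)
```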
Summary
In summary, the server recognises the browser in which the user is logged in by associating it with a unique session identifier. The authenticated session is stored on the server, and the session identifier is stored on the client as a cookie. The server can then verify subsequent requests by matching the client’s cookie against the session data it holds.