7,219 questions
5510
votes
11
answers
697k
views
The definitive guide to form-based website authentication [closed]
Moderator note:
This question is not a good fit for our question and answer format with the topicality rules which currently apply for Stack Overflow. We normally use a "historical lock" for ...
49
votes
1
answer
22k
views
Reference - Password Validation
Quite often, questions (especially those tagged regex) ask for ways to validate passwords. It seems users typically seek password validation methods that consist of ensuring a password contains ...
467
votes
10
answers
880k
views
Use basic authentication with jQuery and Ajax
I am trying to create a basic authentication through the browser, but I can't really get there.
If this script won't be here the browser authentication will take over, but I want to tell the browser ...
- 27.1k
598
votes
15
answers
588k
views
Validate a username and password against Active Directory?
How can I validate a username and password against Active Directory? I simply want to check if a username and password are correct.
Scott
681
votes
51
answers
1.3m
views
Google OAuth 2 authorization - Error: redirect_uri_mismatch
On the website https://code.google.com/apis/console I have registered my application, set up generated Client ID: and Client Secret to my app and tried to log in with Google.
Unfortunately, I got the ...
- 48.6k
798
votes
14
answers
432k
views
RESTful Authentication
What does RESTful Authentication mean and how does it work? I can't find a good overview on Google. My only understanding is that you pass the session key (remeberal) in the URL, but this could be ...
- 9,313
160
votes
4
answers
151k
views
Performing user authentication in Java EE / JSF using j_security_check
I'm wondering what the current approach is regarding user authentication for a web application making use of JSF 2.0 (and if any components do exist) and Java EE 6 core mechanisms (login/check ...
- 7,913
284
votes
15
answers
352k
views
Set cookies for cross origin requests
How to share cookies cross origin? More specifically, how to use the Set-Cookie header in combination with the header Access-Control-Allow-Origin?
Here's an explanation of my situation:
I am ...
- 8,010
511
votes
2
answers
418k
views
How to implement REST token-based authentication with JAX-RS and Jersey
I'm looking for a way to enable token-based authentication in Jersey. I am trying not to use any particular framework. Is that possible?
My plan is: A user signs up for my web service, my web service ...
- 6,533
359
votes
26
answers
277k
views
How to log out user from web site using BASIC authentication?
Is it possible to log out user from a web site if he is using basic authentication?
Killing session is not enough, since, once user is authenticated, each request contains login info, so user is ...
- 31.6k
1101
votes
19
answers
1.4m
views
PostgreSQL error: Fatal: role "username" does not exist
I'm setting up my PostgreSQL 9.1. I can't do anything with PostgreSQL: can't createdb, can't createuser; all operations return the error message
Fatal: role h9uest does not exist
h9uest is my account ...
- 11.7k
99
votes
16
answers
103k
views
PHP Sessions across sub domains
I am trying to set up the following:
auth.example.com
sub1.example.com
sub2.example.com
If the user visits sub1.example.com or sub2.example.com and they are not logged in, they get redirected over to ...
- 15.5k
55
votes
8
answers
185k
views
How to handle authentication popup with Selenium WebDriver using Java
I'm trying to handle authentication popup using the code below:
FirefoxProfile profile = new FirefoxProfile();
profile.setPreference("network.http.phishy-userpass-length", 255);
profile.setPreference(...
- 928
665
votes
17
answers
354k
views
JWT (JSON Web Token) automatic prolongation of expiration
I would like to implement JWT-based authentication to our new REST API. But since the expiration is set in the token, is it possible to automatically prolong it? I don't want users to need to sign in ...
- 6,869
379
votes
8
answers
235k
views
Where to store JWT in browser? How to protect against CSRF?
I know cookie-based authentication. SSL and HttpOnly flags can be applied to protect cookie-based authentication from MITM and XSS. However, more special measures will be needed to apply in order to ...
- 5,701