
View on GitHub or contact Syntapse

Basic Authentication

  • This site implements secure logins using same-site, HTTP-only cookies and server actions.
  • Both session and JWT authentication have been implemented as a prerequisite exercise, to gain a better understanding of basic auth and of the merits of proven third-party open-source solutions.
  • For a complete working authentication solution using NextAuth.js and OAuth providers, visit nextauth.syntapse.co.uk
  • nextauth.syntapse.co.uk implements a full registration and authentication service using email confirmations and randomised verification URLs.
  • As this is a test and demonstration site only, full login capabilities will not be developed further here.

This test site currently supports both JWT and session authentication! If things aren't working as expected, clear your cookies.


Session based authentication

Features

  • Default users for testing are 123/123 (admin) and 456/456 (authenticated)
  • New users can be registered and login/out but will reset to defaults on page load
  • Basic auth validation checks for duplicate users and password mismatches
  • The check button will check for authorisation and return a message
  • The test link will load another page that conditionally renders anonymous and authenticated content

Cookie notes

  • Cookies are same-site and HTTP-only to reduce exposure to XSS attacks (an HTTP-only cookie cannot be read by page scripts).
  • Cookies by their nature will persist across windows, tabs and sessions.
  • A unique encrypted session token is issued to each unique login and removed/renewed on logout.
  • There is no expiry on the session cookie, so it will persist until manually removed or the user logs out.
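
A minimal sketch of the cookie handling these notes describe, added here as an example and not taken from this site's code: each login gets a fresh encrypted token, the cookie is HTTP-only and same-site, and logout removes the server-side session. The function names, the `session` cookie name, the use of AES-256-GCM, and the `SameSite=Strict` and `Secure` attributes are assumptions; the optional `maxAgeSeconds` argument shows how an expiry would be added.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key for the demo; a real deployment loads a stable secret instead.
const SESSION_KEY = nodeCrypto.randomBytes(32);
const sessions = new Map(); // server-side store: session id -> { user, role }
const BASE_ATTRS = 'HttpOnly; SameSite=Strict; Secure; Path=/'; // Strict/Secure are assumptions

// Encrypt the session id (AES-256-GCM) so the cookie value is opaque and tamper-evident.
function seal(id) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', SESSION_KEY, iv);
  const body = Buffer.concat([cipher.update(id, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Returns the session id, or null if the token is malformed or was modified.
function unseal(token) {
  try {
    const raw = Buffer.from(token, 'base64url');
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', SESSION_KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

function sessionIdFrom(cookieHeader) {
  const m = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader || '');
  return m ? unseal(m[1]) : null;
}

// Login: new random id per login. Without maxAgeSeconds the cookie carries no expiry.
function issueSession(user, role, maxAgeSeconds) {
  const id = nodeCrypto.randomUUID();
  sessions.set(id, { user, role });
  const expiry = maxAgeSeconds ? `; Max-Age=${maxAgeSeconds}` : '';
  return `session=${seal(id)}; ${BASE_ATTRS}${expiry}`;
}

// Authorisation check: the token must decrypt AND still exist in the store.
function readSession(cookieHeader) {
  return sessions.get(sessionIdFrom(cookieHeader)) || null;
}

// Logout: delete server-side state and tell the browser to drop the cookie.
function logout(cookieHeader) {
  sessions.delete(sessionIdFrom(cookieHeader));
  return `session=; ${BASE_ATTRS}; Max-Age=0`;
}
```

Because the check requires the decrypted id to still exist in the store, a copied cookie stops working as soon as its owner logs out.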
