What's the Secret Password?
April 27, 2007 4:51 PM
How exactly does authentication work in a website like Basecamp, or more generally, a site built on Rails or LAMP? When I sign up, I enter a username and password. I presume this is stored in a database table. But after that, how does the server know who I am during the course of my 'visits', and how does the SQL database know what I have access to (only my projects) and what I don't have access to (other people's projects)? Where do cookies, if at all, come into play? If cookies do come into play, can they not simply be forged? I am completely clueless regarding the subtleties of authentication, user sessions, and security. Please enlighten me.