The MyBlog web application supports many users so they can post engaging content that the community will read. In addition, that community can read and comment on the content posted by other users. However, it’s unlikely users want the content that they created edited or deleted by a user other than themselves.
To control who can access and use the MyBlog site, we’ll need to identify users. Identifying users on a web application is called authenticating a user. This allows the application to ensure a user is who they claim to be.
Providing authentication to the MyBlog application is the intent of this chapter. However, doing so with a web application presents some unique challenges.
The MyBlog web application follows the request/response model supported by HTTP. The user creates an HTTP GET request from the browser, and the server responds by sending the requested HTML, CSS, JavaScript, and image files back. Nothing in that transaction implies that the server has prior knowledge about the requests it received. The HTTP protocol is stateless, meaning each request is complete and independent from any previous request. The server maintains no memory of past, present, or future request/response transactions.