Mar 25 · 6 min read · The Auth Stack Was Wrong Hustle (hustlestats.io) is a youth soccer statistics platform built on Next.js 15 and Firebase. The auth system worked — until it didn't. Users were getting logged out after one hour despite having a 14-day cookie. The forgot...
Join discussionFeb 14 · 6 min read · By this point in the series, we’ve established three things: Passwords are structurally fragile. WebAuthn provides phishing-resistant, device-bound authentication. OpenID Connect provides portable, federated identity. Now comes the harder questi...
Join discussion
Dec 16, 2025 · 5 min read · Series: Web Authentication Demystified — From Concepts to Real-World In traditional PHP applications, sessions often feel invisible. You enable them, they work, and you move on. But once an application grows beyond a single server—especially when aut...
Join discussion
Dec 15, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-World When people think about authentication, they usually think about logging users into an application. But in real systems—especially those serving large amounts of static content—auth...
Join discussion
Dec 15, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-World Integrating an external Identity Provider (IdP) into a PHP/Yii/HumHub application requires careful handling of redirects, token exchange, validation, identity mapping, and session c...
Join discussion
Dec 11, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 2 — APPLYING THE THEORY: MY REAL IMPLEMENTATIONPrevious: Security Analysis of my implemented Web App Authentication System After exploring authentication from fundamentals to arc...
Join discussion
Dec 10, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 2 — APPLYING THE THEORY: MY REAL IMPLEMENTATIONPrevious: Architecture Overview of my implemented Web App Authentication SystemNext: Security Analysis of my implemented Web App Au...
Join discussion
Dec 9, 2025 · 8 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 2 — APPLYING THE THEORY: MY REAL IMPLEMENTATIONPrevious: Sessions vs Token-Based AuthenticationNext: Deep Dive: The User Authentication Flow in my implemented Web App Modern auth...
Join discussion
Dec 9, 2025 · 8 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 1 — FOUNDATIONS OF USER AUTHENTICATIONPrevious: Authentication Flows: Choosing the Right OneNext: Architecture Overview of my implemented Web App Authentication System Modern app...
Join discussion
Dec 4, 2025 · 5 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldNext: What Is User Authentication? The Basics Explained Web authentication is central to almost everything we build today, yet it remains one of the most misunderstood areas of moder...
Join discussion
