How to implement a basic authentication system?
Consider the user has registered and the details are stored in the database with a salted password. Now the user fills in the form to log in, and the server checks if the new salted password compares to the one in the database for the username. Is this how it is done, or is there more to it? I have read a lot about it, like using a JWT token and an HTTP cookie for passing details, security and session maintenance, but I have no clear idea of how I should include them or if I should even care about it. Also, consider that the site doesn't have any payments or any sensitive data. It just allows access to more features for those who are logged in (but might add payment in the future).
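The flow described in the question, as an added example that is not part of the original post: a per-user salt with a slow password hash, a constant-time comparison at login, and an opaque server-side session id delivered in an HTTP cookie. The in-memory dictionaries stand in for the database and session store, and PBKDF2, the iteration count, the session lifetime and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor
SESSION_TTL = 3600     # assumed session lifetime, in seconds
users = {}             # username -> (salt, derived key); stands in for the database
sessions = {}          # session id -> (username, expiry); stands in for a session store

def _derive(password, salt):
    # Slow, salted derivation so a leaked table is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed dummy record: unknown usernames do the same work as known ones.
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_KEY = _derive("dummy", _DUMMY_SALT)

def register(username, password):
    salt = secrets.token_bytes(16)          # fresh random salt per user
    users[username] = (salt, _derive(password, salt))

def login(username, password):
    """Return a new session id on success, None on any failure."""
    salt, stored = users.get(username, (_DUMMY_SALT, _DUMMY_KEY))
    candidate = _derive(password, salt)     # re-derive with the stored salt
    matches = hmac.compare_digest(candidate, stored)   # constant-time compare
    if not (matches and username in users):
        return None
    sid = secrets.token_urlsafe(32)         # opaque, unguessable identifier
    sessions[sid] = (username, time.time() + SESSION_TTL)
    return sid

def session_cookie(sid):
    # HttpOnly hides the id from page scripts; Secure restricts it to HTTPS.
    return (f"Set-Cookie: session={sid}; HttpOnly; Secure; "
            f"SameSite=Lax; Path=/; Max-Age={SESSION_TTL}")

def current_user(sid):
    """Map the cookie value back to a username, or None if unknown or expired."""
    username, expiry = sessions.get(sid, (None, 0))
    if username is None or expiry < time.time():
        sessions.pop(sid, None)
        return None
    return username

def logout(sid):
    sessions.pop(sid, None)                 # server-side revocation
```

Each later request is authorised by passing the cookie value to `current_user`, so the password is only handled at registration and login.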