Mockups of web authentication: the REST rescue

As I stated yesterday about how browsers should authenticate the client in order to let the server remain stateless (no session, no cookies, no tokens), I wanted to show off a more tangible image of the “authentication sidebar” I mentioned in the post.

I played with balsamiq – for the first time in my life – and here are my results.

User opens a webpage

(The user accesses their Facebook account; you can see the collapsed sidebar at the left of the screen.)

User logs in

The browser has logged in the user with the last opened client-side session (browser cache). Now the user is able to change the account used on the website (Facebook).

User updates account

Everything is transparent to the server: everything the user does here is updating the browser’s authentication DB.

User creates an account?

I have some doubts about new account creation (it always has to send a request to the server, so I dunno if it makes sense to keep it on the authentication sidebar).

