Custom Login Page

Not having a login page on your website is a great way to advertise that you have nothing worth protecting, do not have plans to expand and do not care to create relationships with visitors. If also gives you the opportunity to let visitors know that you do not have any web expertise on staff.

Your site needs to know who is visiting so it knows what privileges to grant and how to customize itself to achieve the intended goals. Users now expect not to be hassled with any further security issues once they are logged in to a site. You need custom written login pages on the administration and control pages for sure, and most often also on the public part of the website. Typically a database stores information about users and their privileges and when they login a lookup is done to decide how to respond. You might be surprised at how many valuable functions a login page can perform and how many features of a website rightfully belong on the login page rather than other places they are often found.

The actual mechanics behind a login are dependent on something called session variables which are stored on the web server you are visiting. They are looked up each time you visit a new page and resaved when the page is finished displaying (when you quit your browser session variables are lost). The sites ability to assign the right variables to each of thousands of visitors is dependent on its writing index cookies on visiting computers. For login purposes each page on your site calls a site wide function that checks a dedicated session variable to see if you are logged in. Then a check is made to see if a cookie on your computer stores your login. Failing that the login page is displayed and the cookie written to your computer after login (usually if you check a box to indicate you want to stay logged in between sessions). Thus adapting an entire site to login is as simple as adding one line of program code at the top of each page.

Custom Control Login Page

This needs to be the most secure and low profile page on your site. No one else goes here except the chief administrator or company owner. Thus it needs its own private password and verification system that is not database driven (either programmed specifically or employing a web server or operating system mechanism like htaccess, apache configuration).

Custom Public Login Page

Your public login page must be easy to use and give them the ability to create an account with basic access rights, edit their settings and retrieve their password via email if forgotten and it must integrate into the database system (e.g. people, sales, invoices). It should also provide information about logging in give and visitors the option of staying logged in for an extended period.

Among the many great advantages of login pages are that they give you an opportunity to capture information about everyone who visits your site, track when and why they come, treat them as individuals. Without login pages sites like ebay, amazon, google, etc. could not exist.

Custom Team and Administration Login Page

The login system is a natural place for team messaging because everyone in the organization has to go through it to get into the administration system.

Look at this example page. I have logged in and based on my privileges I have a list of management links at the top. I also have messages from other members of the team. This is not email, but a private custom written system so there is zero spam and it is much faster than email. I can send a message to anyone on the team by simply picking their name from the drop down list. After sending a message it remains in the box so I can edit it and send it to someone else.

At the bottom I can change my login any time and have the system forward an email message if needed (to get them to login and read the message here).

Visit Triggered Communication

Sites like Ebay, Amazon, the banks, etc. no longer send out emails related to any security or registration issue. This is because there is so much fraud going on where criminals create shadow websites and send out messages designed to fool people into going to those shadow websites and logging in (and thereby revealing their login information). Ebay or your bank waits till you visit and then catches you up on all messages they need to deliver and actions you need to take with regard to your account. Obviously such a system cannot work without a login system and related people management database.

Custom Programming and Security

A login page is a great example of why you need custom programming. First of all, as noted above, multiple login pages are needed. These login pages have to be closely integrated with the rest of your site and need to evolve with the public, administration and control sections. The login page makes the most important decision of any page, it decides how much access to give the visitor. Thus is has to be the most secure and well thought out page. Security is a complex issue and no one can tell you that their cookie-cutter solution is secure, that is naive. The most important thing you can do to make your website secure is understand the nature of the threats for your business, be informed about how your login system deals with the threats and be vigilant.

Only custom-written web components can go down any road you choose!

Suite 407, 1595 Southview Drive SE, Medicine Hat, AB T1B 0A1
Answering Machine: (406) 662-0136, FAX: (866) 223-7132