Login

At the end of this guide, you will have a secure login system with dual rate limiting and timing attack protection.

The login component provides a complete authentication flow that verifies user credentials and creates sessions. Login only accepts credentials using the email column. The unverified_email column is not considered until verified.

The component includes:

• Email and password authentication
• Session creation and management
• Dual rate limiting (IP-based and email-based)
• Timing attack protection
• Logout functionality