Chapter 10

Users

Every web application needs to know who is using it. User management covers fundamental questions: Who can access this? What can they do? How do we secure their credentials?

Building user management from scratch is complex—you need authentication, secure password storage, sessions, password recovery, permissions, activity tracking, and privacy compliance. Getting it wrong creates security vulnerabilities.

UserFrosting handles all this for you with a complete built-in user management system: user accounts, authentication, registration, password reset, email verification, and role-based access control (RBAC). Focus on your app's unique features while relying on UserFrosting's battle-tested foundation.

This chapter covers the features of user and admin accounts, as well as UserFrosting's powerful role-based access control system for defining who can do what.