This article focuses on user authentication and some best practices for building a secure login environment for members of an application. Our goal here is not simply to allow users to log in and access members-only content and/or features; we can do that very easily by setting some session data after checking that the username and password entered exist in the database. We want to expand on this. We want it to be as secure as we can make it, and we want it to be useful to us as administrators too: for example, we want to see who has logged in and when.