The Quick setup guide should be enough to get you started, but when building a full production site you'll probably need features that aren't covered in that guide. On this page we've collected features that sign-in systems commonly need, and explained the best-practice way to implement each of them with Persona.
- Call logout() after a failed login
  - Always call logout() if you reject an assertion. Otherwise your site's idea of the current user and Persona's idea can get out of sync, which can lead to an endless loop of failed logins.
- Adding extra email addresses with Persona
  - How to let your users add secondary email addresses using Persona.
- Enabling users to change their email address
  - How to let your users change their email address using Persona.
- Problems integrating with CSRF protection
  - A problem caused by the interaction between a common mechanism for CSRF (Cross-Site Request Forgery) protection and Persona's Observer API.
- Supporting users who don't have JavaScript
  - Persona requires JavaScript. This page has some tips for supporting users who have JavaScript disabled.
- Call request() or get() only from a click handler or in response to a keypress
  - Because Persona uses popup windows, you must call request() or get() only in response to a click or a key press, not some other event.
- Testing your system
  - Some pointers for simulating users logging in and out of your website.