The definitive guide to forms based website authentication

Stack Overflow’s community-written guide on how to properly implement cookie-based authentication. Count how many best practices your favorite website doesn’t adhere to, then despair as you realize that this list doesn’t even touch on things like CSRF.

(My posting this totally has nothing to do with anything I might have read about five minutes ago on my dashboard.)