How to Add User Registration and Login to Your Site
How User Accounts Work on the Platform
Every user who registers gets a unique account ID. The system stores their account in the customers table with two rows: one keyed by account ID for their full profile data, and one keyed by email address for login lookups. When a user logs in, the platform looks up their email to find the account ID, verifies the password, and creates a session stored in the phpsessions table.
This dual-key design means login is fast (email lookup goes directly to the account) and account data is always accessible by ID across all platform features. Your portal users share the same account system used by the entire platform, which means they can interact with chatbots, receive SMS messages, and access any other feature tied to their account.
Setting Up Registration
Install the Account Admin app from your admin panel if you have not already. This app provides the registration, login, and account management endpoints that your portal needs.
Define which fields appear on your registration page. The minimum required fields are email and password. You can add optional fields like first name, last name, phone number, and company name. These additional fields are stored in the customers table under the data sort key for the account.
Configure the login page with your branding, including logo, colors, and any custom messaging. The login form collects email and password, validates credentials against the customers table, and creates a session. Failed login attempts show a generic error message to prevent account enumeration.
Set up password reset functionality so users can recover their accounts. The platform generates a unique reset token stored in the appReports table with a time-limited TTL, sends a reset link to the user's email, and lets them set a new password through a secure form.
Register a test account, verify the confirmation process, log out, log back in, and test password recovery. Make sure the session persists across pages and that logging out properly clears the session from the phpsessions table.
Session Management
Sessions are stored in DynamoDB rather than on a local file system. This means sessions work across multiple servers and survive restarts, which is important for portals running on scalable infrastructure. Each session contains the account ID, and every portal page checks for a valid session before rendering any user data.
Sessions have a configurable timeout. When a session expires, the user is redirected to the login page. You can control session duration based on your security requirements, with shorter sessions for sensitive portals and longer sessions for convenience-focused member areas.
Security Considerations
The platform handles the most critical security aspects automatically. Passwords are hashed before storage, sessions are validated on every request, and the login form is rate-limited to prevent brute force attacks. You should also consider adding an IP allowlist for admin accounts and enabling HTTPS on your custom domain through your DNS provider.
Add user registration and login to your website. Accounts, sessions, and password recovery handled automatically.
Get Started Free