At their core, users can be represented by a few simple pieces of information:
As far as our authentication system is concerned, this will be a user. We will of course extend this with a user profile, but in terms of authentication, this is all the information we need.
Our user object is created when a user tries to log in, either based on submitting a login form supplying their username and password, or based on session data for the user ID.
If username and password are supplied, then ...