This branch shows the monolithic approach where user_login() handles:
- password verification
- account locking (5 attempts = 15 min lockout)
- session creation (7 day expiration)
- failed attempt tracking
All policy decisions are in the database function. Easier to call from application (single function) but harder to change policies without migrations/running sql.
This branch shows the monolithic approach where user_login() handles:
- password verification
- account locking (5 attempts = 15 min lockout)
- session creation (7 day expiration)
- failed attempt tracking
All policy decisions are in the database function. Easier to call from application (single function) but harder to change policies without migrations/running sql.