Even though most modern browsers can remember your usernames and passwords for you, it is nice for a web application to allow an individual to return to a web site and be automatically logged in without having to submit credentials every time they do so. Implementing "Remember Me" with the Istarel Workshop Application Framework requires several code blocks, and this article assumes that basic security has already been implemented in the application.
For the applications I build, user passwords are (usually) initially system-generated, which means they appear to be an inscrutable mess of letters and numbers. Most users want to have some control over their own passwords, which means I need to provide a form that lets them change it.
The counterpart to login is logout. The best practice for implementing logout is to use an IWActionModule. While a complete action module has initialization, validation, and execution, a logout action requires only that the ApplicationSecurityDelegate can perform session handling.