Persona is no longer actively developed by Mozilla. Mozilla has committed to operational and security support of the persona.org services until November 30th, 2016.
On November 30th, 2016, Mozilla will shut down the persona.org services. Persona.org and related domains will be taken offline.
If you run a website that relies on Persona, you need to implement an alternative login solution for your users before this date.
For more information, see this guide to migrating your site away from Persona:
The Quick setup guide should be enough to get you started, but when building a full production site you'll probably need features that aren't covered in that guide. In this page we've collected features that are commonly needed by sign-in systems, and explained the best-practice way to implement them with Persona.
- Call logout() after a failed login
- Always call logout() if you reject an assertion, to avoid a mismatch between your idea of the current user and Persona's idea, which can lead to an endless loop of failed logins.
- Adding extra email addresses with Persona
- How to let your users add secondary email addresses using Persona.
- Enabling users to change their email address
- How to let your users change their email address using Persona.
- Problems integrating with CSRF protection
- A problem caused by the interaction between a common mechanism for CSRF (Cross Site Request Forgery) protection and Persona's Observer API.
- Call request() or get() only from a key handler or in response to a keypress
- Because Persona uses popup windows, you must call request() or get() only in response to a click or a key press, not some other event.
- Testing your system
- Some pointers for simulating users logging in and out of your website.