The implementor's guide

The Quick setup guide should be enough to get you started, but when building a full production site you'll probably need features that aren't covered in that guide. In this page we've collected features that are commonly needed by sign-in systems, and explained the best-practice way to implement them with Persona.

Call logout() after a failed login
Always call logout() if you reject an assertion, to avoid a mismatch between your idea of the current user and Persona's idea, which can lead to an endless loop of failed logins.
Adding extra email addresses with Persona
How to let your users add secondary email addresses using Persona.
Enabling users to change their email address
How to let your users change their email address using Persona.
Problems integrating with CSRF protection
A problem caused by the interaction between a common mechanism for CSRF (Cross Site Request Forgery) protection and Persona's Observer API.
Supporting users who don't have JavaScript
Persona requires JavaScript. This page has some tips for supporting users who have JavaScript disabled.
Call request() or get() only from a key handler or in response to a keypress
Because Persona uses popup windows, you must call request() or get() only in response to a click or a key press, not some other event.
Testing your system
Some pointers for simulating users logging in and out of your website.