By mswatcher
via weblogs.asp.net
Published: Oct 11 2007 / 13:17
Since the conception of secure pages on the internet, there has been the "Login Page" . When a user authenticates on this "Login Page" they usually get some sort of a Session set for them, and they're forwarded to a new page. When the authentication times out, or the user logs out, they get redirected to the "Login Page" (yea yea some of us might have a logout page).
Now with AJAX running rampant on the web, every callback that's done needs to be authenticated to make sure the user is who they way they are. However, a
Comments
cfelde replied ago:
The problem with this is that you either have to use https all the way, since AJAX calls can suddenly use https for one request when they are using http for everything else, or you need to send the login and password over http, which isn't acceptable.
Why not just use a periodic AJAX call to update the session, if you don't want it to time out while you're at the site.
MadACR replied ago:
This would probably work for most sites, but be aware of the AJAX components that can go south. And have a redirect method in backup. As far as worring about HTTPS, why? A blog site, has no need. And if it is a form to check out from an e-store, then use the backup method for that page, and switch to the backup.
Voters For This Link (6)
Voters Against This Link (3)