Ajax Logins


While over at the Ajaxian, I saw an interesting article from evolt.org about an Ajax-enabled login system by James Dam. There's a demo that shows how it works. The overall effect is quite nice, I think. Rather than flipping from page to page as you log in, the authentication is done from a single page. There are also some advantages from a security standpoint (most notably the password is hashed before it's transmitted to the server, unlike a forms approach).

This would be excellent for blog comment forms and other places where people authenticate, but don't leave the page. In other systems, I'd want users to stay on the same page when they fail to authenticate (with an appropriate message) but redirect to the right page when they succeed.

At the CTO Breakfast on Tuesday, Bruce Grant made the comment that this isn't really thin-client programming. It's thick-client programming where the client is loaded and updated on the fly from a server. I think he's got a point. As I thought about it more, I decided that the issue isn't thick or thin, the issue is OS-based or browser-based clients. As browser-based clients become richer, they advantages of dynamic code loading will make them the choice for most apps.