Awesome! I look forward to all Web 2.0 apps using cookie-less Ajax login code.

From 2006, the year HTTP authentication broke - the weblog of Lucas Gonze.:


A few months ago a fellow named Jean-Michel Hiver posted that you could in fact do a clean and modern log-in browser interface using only AJAX methods. He didn't provide any code or much other information, but he did provide a few hints to show how it was possible to write code. I took about 45 minutes to trace his steps and verify that it was true, and it did indeed seem to be possible.

It was one of those HOLY SH*T moments. 100% of user-friendly browser apps use cookies for authentication rather than HTTP, despite the potentially huge advantage of HTTP. If Jean-Michel's point is correct, and it almost certainly is, almost all new browser apps will end up incorporating the new style.


Leave a comment on github