Ajax logins: why?

I’m starting this new blog with this little suggestion: avoid ajax logins.

Ajax is really cool and handy, I know, but on a login page it is only useful in very particular cases. In the rest, it only helps hackers save time when they brute-force your site.

How does an ajax login work?

  1. The user fills in the login form and presses the submit button.
  2. The browser sends an asynchronous request, via POST or GET.
  3. The server responds whether the login is OK or wrong, usually with a string or JSON.
  4. If the login is OK, the server sets a cookie with the user info (usually the user id) and the JavaScript redirects to the user's home page.
  5. If the login fails, the page shows an error message and the process starts again.
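
One way to keep the fast answer in step 3 from helping password guessing is to count failed attempts on the server before answering. This is an added example, not code from this post: `verifyCredentials`, the limits, the field names and the `/home` redirect are assumptions.

```javascript
// Added example (not from the original post). verifyCredentials is a hypothetical
// callback (username, password) => boolean; limits and field names are assumptions.
function makeLoginHandler(verifyCredentials, { maxFailures = 5, windowMs = 15 * 60 * 1000 } = {}) {
  const failures = new Map(); // key -> { count, firstAt }

  // Live failure record for a key; dropped once its window has expired.
  function current(key, now) {
    const entry = failures.get(key);
    if (entry && now - entry.firstAt >= windowMs) {
      failures.delete(key);
      return undefined;
    }
    return entry;
  }

  function recordFailure(key, now) {
    const entry = current(key, now);
    if (entry) entry.count += 1;
    else failures.set(key, { count: 1, firstAt: now });
  }

  return function handleLogin({ username, password, clientIp }, now = Date.now()) {
    // Count per account and per client address: one catches guessing against a
    // single user, the other catches one client trying many usernames.
    const keys = ['user:' + String(username).toLowerCase(), 'ip:' + clientIp];
    const blocked = keys.map((k) => current(k, now)).filter((e) => e && e.count >= maxFailures);
    if (blocked.length > 0) {
      // Refuse before checking the password, so guesses made during the lock learn nothing.
      const until = Math.max(...blocked.map((e) => e.firstAt + windowMs));
      const retryAfterSeconds = Math.ceil((until - now) / 1000);
      return { status: 429, retryAfterSeconds, body: { ok: false, error: 'too many attempts' } };
    }
    if (verifyCredentials(username, password)) {
      failures.delete(keys[0]); // a successful login clears the account counter only
      return { status: 200, body: { ok: true, redirect: '/home' } };
    }
    keys.forEach((k) => recordFailure(k, now));
    return { status: 401, body: { ok: false, error: 'invalid login' } };
  };
}

// Constructed demo: the fourth guess inside the window is refused (401, 401, 401, 429).
const demo = makeLoginHandler((u, p) => u === 'alice' && p === 'correct-horse', { maxFailures: 3 });
for (let i = 0; i < 4; i++) {
  console.log(demo({ username: 'alice', password: 'guess' + i, clientIp: '192.0.2.10' }, i * 1000).status);
}
```

The same counter applies whether the form is posted asynchronously or as a normal page load. In a multi-server deployment the counters would live in a shared store with expiry instead of an in-process `Map`.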

Why avoid it?

  1. First of all, it doesn’t work on IE8, because it doesn’t allow writing a cookie in an async request. Actually it works; that issue was in the beta version.
  2. In most cases, if the login is OK you will redirect to another page, so the only advantage of an ajax login is saving a few seconds by saying “login error” faster than reloading the page would.
  3. It is not accessible (the user must have JavaScript enabled and their browser needs to support ajax).
  4. You need to develop and test more for no advantage.
  5. It isn’t KISS! More unnecessary complexity, more problems!