On Wed, Sep 08, 2010 at 05:45:26PM +0200, f...@mail.dnttm.ro wrote:
> We do a web app with an Ajax-based client. Anybody can download the
> client and open the app, only, the first thing the app does is ask for
> login.
>
> The login doesn't happen using form submission, nor does it happen via
> a known, standard http mechanism.
>
> What we do is ask the user for some login information, build a hash
> out of it, then send it to the server and have it verified. If it
> checks out, a session ID is generated and returned to the client.
> Afterwards, only requests accompanied by this session ID are answered
> by the server.