On 10/6/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > The issue I have seen so far for this kind of form-based authentication > is when I use JSON/ajax(like the MochiKit ajax_table example). If I > protect that link with login, there is a slim chance that whan mochikit > received is HTML instead of JSON, this is possible like when the > session expired(thus relogin needed). Of course, the ajax js code can > be enhanced to deal with this.
I don't have time at the moment to really go through the auth/auth stuff that people have been proposing. However, I did want to comment on this... Keep in mind that if TurboGears is in control of both the authentication/authorization *and* the choice of HTML vs. JSON, that means that making an AJAX request that gets JSON back can automatically trigger a JSON response that represents an authentication failure. This is the nice thing about having the framework control different views of the data in this way. Kevin -- Kevin Dangoor Author of the Zesty News RSS newsreader email: [EMAIL PROTECTED] company: http://www.BlazingThings.com blog: http://www.BlueSkyOnMars.com
