>Keep in mind that if TurboGears is in control of both the >authentication/authorization *and* the choice of HTML vs. JSON, that >means that making an AJAX request that gets JSON back can >automatically trigger a JSON response that represents an >authentication failure. This is the nice thing about having the >framework control different views of the data in this way.
Agree. But the client still needs to handle it and that is not easy. As XMLHTTPRequest is more like a "function call" in the background and how to handle it which involves UI interaction(re-auth whatever) is an interesting subject.
