I previously discussed ways to manage user session state in DHTML-only UIs. A very similar problem arises with security contexts: Traditional web technologies like JSP and ASP.NET can link the identity of the user that is established at login to an authentication token that is either sent as cookie or encoded in the URL, just like the session id. If you integrate your session handling with a session-enabled technology as outlined in my earlier post, you can also attach to the security context in a similar fashion.

Continue Reading →