I previously discussed ways to manage user session state in DHTML-only UIs. A very similar problem arises with security contexts: Traditional web technologies like JSP and ASP.NET can link the identity of the user that is established at login to an authentication token that is either sent as cookie or encoded in the URL, just like the session id. If you integrate your session handling with a session-enabled technology as outlined in my earlier post, you can also attach to the security context in a similar fashion.

Continue Reading →

In my previous post I mentioned that there is no built-in mechanism for associating calls from a pure DHTML UI with user and session-specific state at the server. In this post I want to detail how to integrate with a .NET or Java session. Of course, the same principles can be applied to other web technologies like PHP etc.

Continue Reading →