authentication and authorization in ajax call

Question

Request object and response object are not available in ajax call. And Gmail and many other sites use Ajax and authentication and authorization.

My question is: how they authenticate?

since authentication information mostly stored in Session object` and Session object is not available in ajax call.

I am from asp.net background.

score 1 · Accepted Answer · answered Sep 12 '15 at 18:30

1

AJAX is just a way for your web page to make HTTP requests. HTTP requests can be authenticated in several different ways.

Most modern APIs use a bearer authentication scheme (like [OAuth2][2]), where they acquire a token from an authorization server and add it to the request in the Authorization HTTP header, like:

Authorization: bearer <base64(token)>

answered Sep 12 '15 at 18:30

MvdD

20,035
6
59
89

where can I place token in html ? – user786 Sep 13 '15 at 04:46
You keep the token in a JavaScript variable or store it in session storage. – MvdD Sep 13 '15 at 17:49
do u mean local storage in html5? – user786 Sep 13 '15 at 17:57
You can use either one, but I would recommend session storage in this case. See also: http://stackoverflow.com/q/5523140/18044 – MvdD Sep 13 '15 at 18:10

authentication and authorization in ajax call

1 Answers1