Hi, I am slowly converting my webapps to use the 'ajax' technology. I'd like to know what 'best practices' I should use when it comes to authenticating and identifying the requests in a more restricted context. So far I've migrated some 'open' areas where the user, without having to identify himself, can perform searches. But I need to allow/deny him to do insert/delete/update actions. In the traditional webapp I'd create a login page where the user/password would be checked against a database and a session variable would be set with an authenticate code. Further access to restricted pages is allowed/denied based on the existence of this authenticate code. What would be a good alternative in my ajax-enabled webapp? I can't use session in my PHP scripts (those called by the XMLHttpRequest.open), right?