• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/

Authentication and Session Management based on Ajax


Nam Sang-On, Daguil Rolyn C, Kim Gi-Weon, Journal of Internet Computing and Services, Vol. 7, No. 6, pp. 157-174, Dec. 2006
Keywords: AJAX, authentication, Session Management

Abstract

The Ajax interaction model changes the posture of web applications to become stateful over HTTP. Ajax applications are long-lived in the browser. XMLHttpRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching protocols from HTTP to HTTPS for sensitive information is prohibited by the server-of-origin policy. The longevity, constraints, and asynchronous features of Ajax applications call for a different authentication and session handling mechanism that invokes re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is designed to invoke periodic and event-based re-authentication in the background using digest authentication with an auto-generated password similar to an OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.


