Request object
and response object
are not available in ajax
call. And Gmail and many other sites use Ajax and authentication and authorization.
My question is: how they authenticate?
since authentication information mostly stored in Session
object` and Session object is not available in ajax call.
I am from asp.net
background.
AJAX is just a way for your web page to make HTTP requests. HTTP requests can be authenticated in several different ways .
Most modern APIs use a bearer authentication scheme (like [OAuth2][2]
), where they acquire a token from an authorization server and add it to the request in the Authorization HTTP header, like:
Authorization: bearer <base64(token)>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.