Although it can be problematic UX wise - non AJAX login on non-https and AJAX logins on https could be confusing. Although, if we *are* being MITM'd with http, the MITM'er can just insert JS that pretends to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.