Help! me with "AJAX"

Question

I am working around AJAX for few months now and i see Ajax request as following,

1. Pass parameters to background page (PHP/ASP/HTML/TXT/XML ... what else can be here?)

2. Do some processing on server

3. Get back the results and show to client (HTML/XML/JSON ... what else can be here?)

If there is something else to add on Request lifecycle please I will be glad to know?

Now I have some questions around AJAX and i will try to frame them one by one.

1. How many concurrent AJAX request can be made?

2. Yes there is timeout period in AJAX but considering the web2.0 scenarios and possibilities with the Network what is the timeout period? Best practice?

3. Consider scenario that if user invoke AJAX Request and it’s in process on the server and meanwhile user left the page. Will the processing on the server will be left in haft way? Or all the execution on server will be done and response is sent back to browser? What will happen?

4. Is it a strict requirement that we should have a server page (PHP/JSP/ASP) to take the AJAX request? As with this approach considering wide use of AJAX now a day, on server we need page per request (or few pages to server more than one request) which is something become difficult to maintain.

5. Can we have something else instead of server side page (PHP/ASP etc.) like web service or something which can be directly requested from AJAX (JavaScript) like URL? If yes how? This can reduce need of additional server side pages.

6. AJAX request also supports the Authentication. In what scenario this is used? Is it mandatory?

7. Comet is something which I heard lot about. My understanding is that it’s just some pattern in which AJAX is used to get updated data by using polling mechanism. Is it right? Please provide your views/insight.

8. Security risk using AJAX? How can it can be mitigated (Encryption/Decryption or something else)?

Thanks all,

Answer 1

1. Depends on the browser. It follows the same rules as concurrent HTTP requests everywhere else in the browser.

2. Ditto.

3. Pretty much the same as the user hitting the Stop button on a regular page.

4. An HTTP request must request a URI. How you handle that on the backend is up to you. The term "page" doesn't really fit — that is an HTML document with associated resources (stylesheets, images, etc). Most systems don't have a 1:1 mapping between server side programs and resources. In an MVC pattern, for example, it isn't uncommon to have a shared model and a controller that just switches between views for determining if to return an HTML document or the same data expressed in JSON.

5. A web service is just a server side program that responds in a particular way, lots of people write them using PHP, JSP or ASP so the question doesn't really make sense.

6. No, it isn't mandatory. You use authentication when you need authentication. There is no special "ajax authentication", that is usually just using the same cookies that are used everywhere else in the site.

7. No, the point of Comet is to avoid polling. See http://en.wikipedia.org/wiki/Comet_%28programming%29

8. Requests containing data are sent to the server. Responses containing data are returned from the server. The security implications are no different to any other HTTP request you handle.