Best way to secure an AJAX app

Question

I am currently working on the authentication of an AJAX based site, and was wondering if anybody had any reccomendations on best practices for this sort of thing.

My

Answer 1

SSL is a must, preventing transparent proxy connections that could be used by several users. Then I'd simply check the incoming ip address with the one that got authenticated.

Re-authenticate:

• as soon as the ip address changes
• on a time out bigger than n seconds without any request
• individually on any important transaction