No matter how interactive they are, there is a limit to what websites or applications can do without somehow saving information. To begin with, developers use forms to send information back and forth from the server, which works but can be clunky in terms of the user experience.
AJAX requests, which are executed by the browser in the background, give end users a smooth experience and also allow you, as a developer, to reduce the amount of logic that must be shared between the client side and the server side of an application.
To get the most out of AJAX as an architecture, you need to understand what’s going on under the covers, so in this chapter I’ll dig into not only how to make AJAX requests but also what’s happening when you do, along with some of the security implications all developers need to be aware of.
Getting data to and from the server
You’ll recall from the introduction that the XHR API was first introduced by Microsoft in Internet Explorer largely for the use of their webmail product. By then, users had become used to their computers opening a pop-up when new mail arrived, and Microsoft realized there was no way to do that within the existing browser architecture without constantly refreshing the page.
The XHR API has essentially a single function: It allows client-side code to make requests to the server without having to refresh the page. Whether it’s checking for mail, or downloading large amounts of data, it allows a developer to write an application that ...