The other gurus have probably covered this already, but I only worked this out today and if you haven't this is really a rather cool trick.
Domino allows you to login to the server using the following URL structure if you have session authentication turned on.
and similarly logout using
So it occured to me that if the browser allowed a session cookie to be set by and AJAX call to these URLs then it would be possible to override the default notes logon and have an application specific login or out functions on any page or form.
So basically what you do is use this to your advantage by constructing a AJAX connection using whatever framework you want using either GET or POST that calls the LOGIN or LOGOUT parameter and populate the &username= and &password= from values in your form. Now comes the cheeky part, instead of a page have an agent in the &redirectto= parameter. This agent is a very simple beast like this
Print |***Logged IN***|
This will be returned to the browser as plain text .. do a simple test for ***Logged IN*** being present and act accordingly by redirecting to another page or doing something on the page your are on This text will ONLY be present if you logged on successfully.. if your sign-on fails the text is not there so you can act accordingly for a log-in failure.
You do have to remember to make your login page or form available to Public Users and ensure
that all other pages and views are not available to Public users. Also setting the ACL of your application so that DEFAULT has no access but IS allowed to READ PUBLIC DOCS.
I have used this technique in an application and it works, sadly I cannot share the application it being company property and all that. But if anyone is interested I could throw together a sample file and post it in the code bin on OpenNTF .. let me know if you want it.
** UPDATE **
As has been pointed out in the comments by both Radu Cadiru and Jake Howlett. There are BIG security issues with using the GET option in that this will expose your USERNAME and PASSWORDS both on the network and in the various web logs on the server and in browser caches.
I would strongly recommend you use the POST method to pass the data and to do so over your SSL port. *** Especially if this in on the INTERNET *** This will make it difficult for your user's username&password data to be "snooped".