Asynchronous Ajax calls can really mess you up. The problem is that the environment within which you execute an Ajax call isn’t the same environment as when you handle the results. This situation occurs because of the nature of asynchronous environments. The browser makes the Ajax call to the server and then continues with its own business. Sometime later, the server responds with the results of the Ajax call, but by that time, the context of the browser’s running thread has changed.
It’s like arriving at the train station after the train has left town.
Topics like authentication often give me the heebie-jeebies. I worry about nefarious hackers in some corner of Beijing trying to hack into my account by somehow circumventing the authentication mechanism I put in place. To fight the situation, I would write the entire authentication routines myself, but I worry that I haven’t tested it thoroughly; on the other hand, I worry about using a library solution that I don’t fully understand and could therefore leave myself open to an attacker that does fully understand the solution.
A good compromise is to understand a bit about authentication and then use a known solution. When it comes to Sinatra, both are within easy grasp.