Some websites, such as Yahoo and Google, use Ajax to check if the username/password is wrong. Obviously there must be server side authentication because anyone can change the local JavaScript and trick it into thinking username/password is correct. I'm wondering how this is done efficiently since wouldn't the server be checking the same username/password twice? Consider the following scenario where a user logs into a web site:, use Aj