Securing an ajax request
Posted
by asdasdsa
on Stack Overflow
See other posts from Stack Overflow
or by asdasdsa
Published on 2010-04-22T16:50:57Z
Indexed on
2010/04/22
16:53 UTC
Read the original article
Hit count: 229
i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is
ajaxpages/somepage.php?somevar=something&anothervar=something
if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people.
so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.
© Stack Overflow or respective owner