Preventing $.POST hijack

Posted by Jamie on Stack Overflow See other posts from Stack Overflow or by Jamie
Published on 2010-05-16T22:31:31Z Indexed on 2010/05/16 22:50 UTC
Read the original article Hit count: 464

Filed under:
|
|
|

I'm currently building a facebook application. Lets say I have a variable $uid that identifies the user so I can store this in my database along with their submitted data. I pass $uid and $data via json encoded values using $.post. However, this doesn't prevent someone changing $uid to save data as someone else.

I have been thinking about how to overcome this, so far I haven't found a solution apart from: create database with $uid $secretkey on first page load. When $.post send $secretkey with the post and then retrieve the $uid from the database.

Would this be the correct approach to use?

© Stack Overflow or respective owner

Related posts about jQuery

Related posts about php