Am about to include a log in system to my web Site but i don't think it's a good idea for security to use ajax to send a and receive confirmation from an external php script called login.php and log-out the same way with another logout.php any recommendation
Make sure that you're sending it via POST and use SSL rather than plain old http and you should be fine. Sending it via AJAX does not make it less safe than a regular post.
The Downsides of Using Ajax The major drawback is its massive usage and dependency on JavaScript. It should be noted that JavaScript is implemented differently for various browsers, such as Internet Explorer, Netscape, Mozilla, and so on.
Yes, AJAX (XHR) is used all the time in web pages. It is still the primary way that JavaScript in a web page makes an in-page request to a server.
AJAX allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes. This means that it is possible to update parts of a web page, without reloading the whole page.
AJAX is a as safe as a plain old form + refresh page. In the end it's always an HTTP request. Why do you think that ?
However, from a usability point, make sure that people that disable javascript can still log into your app.
Be sure to use POST
method to send your AJAX request, as GET
requests, and their params (such as, let's say, plain-text password) might end in your web server logs, unles you are using HTTPS.
As Grégoire pointed it out:
Also from a usability point, autocomplete won't work for AJAX forms on chrome, and for AJAX-loaded forms in firefox. The browsers won't even propose to remember your password
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With