Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securing an ajax request

i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is

ajaxpages/somepage.php?somevar=something&anothervar=something

if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people.

so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

like image 504
asdasdsa Avatar asked Apr 22 '10 16:04

asdasdsa


1 Answers

The ajax requests work just like any other request to your website and should return the same session cookies as the non-ajax request. This is pointed out in this question. If you aren't getting the session cookie, perhaps something else is wrong.

like image 129
Kibbee Avatar answered Oct 20 '22 03:10

Kibbee