Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Secure ajax calls with JQuery php

  • 05-03-2013 12:01pm
    #1
    Registered Users, Registered Users 2 Posts: 263 ✭✭


    Hi guys quick question - im looking to load data from database via ajax into a page. However the page that is being loaded via ajax needs to be protected. Im currently using sessions in the admin areas however the session doesnt exist on the ajax page so that is out. I know I can pass the parameter via ajax but that exposes the site and could easily be hacked. Has anyone got any recommendations?? I was thinking of using sha1() to encode the value of the session then could send this and the session value and check the on the other end by sha1 the session value and comparing it against the one being sent?? I dont know if this is the right way for making these requests and as always your input or suggestion is always appreciated.

    Regards
    B


Comments

  • Registered Users, Registered Users 2 Posts: 2,032 ✭✭✭colm_c


    Why wouldn't you have sessions on your Ajax calls? They are after all the same as any other php page.


  • Registered Users, Registered Users 2 Posts: 263 ✭✭swordsinfo


    colm_c wrote: »
    Why wouldn't you have sessions on your Ajax calls? They are after all the same as any other php page.

    The session value isn't available in the Ajax page. I can pass it as mentioned but opens it up for man in middle attack hence why I'm using the sha function aswell. My question is what is "the right" way??


Advertisement