Secure ajax calls with JQuery php

swordsinfo · 05-03-2013 01:01PM #1

Hi guys quick question - im looking to load data from database via ajax into a page. However the page that is being loaded via ajax needs to be protected. Im currently using sessions in the admin areas however the session doesnt exist on the ajax page so that is out. I know I can pass the parameter via ajax but that exposes the site and could easily be hacked. Has anyone got any recommendations?? I was thinking of using sha1() to encode the value of the session then could send this and the session value and check the on the other end by sha1 the session value and comparing it against the one being sent?? I dont know if this is the right way for making these requests and as always your input or suggestion is always appreciated.

Regards
B

colm_c · 05-03-2013 10:15PM

Why wouldn't you have sessions on your Ajax calls? They are after all the same as any other php page.

swordsinfo · 05-03-2013 10:43PM

colm_c wrote: »

Why wouldn't you have sessions on your Ajax calls? They are after all the same as any other php page.

The session value isn't available in the Ajax page. I can pass it as mentioned but opens it up for man in middle attack hence why I'm using the sha function aswell. My question is what is "the right" way??

Secure ajax calls with JQuery php

Comments