Securing ajax request

Secure your request is very important since it will prevent someone to steal or to get in your datas. Following a way to do it.
You have to be able to generate a secure key from the server and after to affect the key the following code : $_SESSION[‘Env_UserSession’][‘AjaxKey’] = $key_sec
From the customer side, the key should be available via javascript and it can be a source of an hidden string. During the ajax request, get back the key and to transmit it to the ajax parameters. When the request is launched, you have to control from the server that the key exists and to verify it with the one saved in the session (this one should be verify before to generate the ajax content to the customer).
When you have to control the server, you have to verify very well POST or GET exists because if it is empty, it can be someone try to steal the content. If all are ok, you can deliver the content without any danger.

Sorry, comments are closed for this post.