I am slowly converting my webapps to use the 'ajax' technology. I'd like to know what 'best practices' I should use when it comes to authenticating and identifying the requests in a more restricted context. So far I've migrated some 'open' areas where the user, without having to identify himself, can perform searches. But I need to allow/deny him to do insert/delete/update actions.

In the traditional webapp I'd create a login page where the user/password would be checked against a database and a session variable would be set with an authenticate code. Further access to restricted pages is allowed/denied based on the existence of this authenticate code.

What would be a good alternative in my ajax-enabled webapp? I can't use session in my php scripts (those called by the XMLHttpRequest.open), right?
Why not? Not that I've tried it, but your browser is going to be making the call and I would imagine it would send along any cookies it has just like it normally does...
Try it and see if it sends the session cookie along...

-philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
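An added example, not part of the original thread: a PHP script called through XMLHttpRequest that applies the same session check a traditional restricted page would, relying on the browser sending the session cookie with same-origin requests. The file name, the session keys `auth_user_id` and `csrf_token`, the `X-CSRF-Token` header and the `id` parameter are assumptions, and the token check goes one step beyond what the thread discusses.

```php
<?php
// api/delete.php: hypothetical endpoint called via XMLHttpRequest (added example).
// Assumes the login script, after checking the password against the database, ran:
//   session_regenerate_id(true);
//   $_SESSION['auth_user_id'] = $userId;
//   $_SESSION['csrf_token']   = bin2hex(random_bytes(32));
declare(strict_types=1);

session_start(); // the XHR carries the session cookie, so $_SESSION is available here
header('Content-Type: application/json');

// Send a JSON error with the given HTTP status and stop.
function deny(int $status, string $reason): void
{
    http_response_code($status);
    echo json_encode(['ok' => false, 'error' => $reason]);
    exit;
}

// Insert/update/delete change state: accept them over POST only.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    deny(405, 'method_not_allowed');
}

// Same test a traditional restricted page makes: is the login marker set?
if (empty($_SESSION['auth_user_id'])) {
    deny(401, 'not_authenticated'); // page script can show the login form on 401
}

// The cookie is sent automatically, so also require the per-session token,
// which the page's own script must copy into a custom request header.
$expected = $_SESSION['csrf_token'] ?? '';
$sent     = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!is_string($expected) || $expected === '' || !hash_equals($expected, $sent)) {
    deny(403, 'bad_token');
}

// Validate input before it gets anywhere near the database.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    deny(400, 'bad_id');
}

// Authorised: the database write for $_SESSION['auth_user_id'] goes here,
// using a prepared statement with $id bound as a parameter.
echo json_encode(['ok' => true, 'id' => $id]);
```

On the client side the script sets the header with `setRequestHeader('X-CSRF-Token', token)` before `send()`, and treats a 401 response as the signal to prompt for login again.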