On Fri, Oct 17, 2008 at 3:08 PM, Jay Moore <jaymoore@xxxxxxxxxxxx> wrote: > I realize this isn't really about PHP, but I was hoping maybe someone had a > way to make AJAX a little bit more secure using PHP. > > I was thinking of making my AJAX calls also pass the current session id, > and have my PHP script check to make sure it's a valid id, but I'm open to > other ideas. > > Do you guys use PHP to make AJAX calls a little bit more secure? What /do/ > you use? > > I hope this isn't too off-topic. > > Thanks, > Jay > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > I use a hashed user id and a one time token passed with every request. No token or hash, and the scripts stops right there, then compares the token to the value stored in the user's session object. If that passed, i validate the user hash against the users session to ensure that they haven't just been suspended or had their account altered in some way -- Bastien Cat, the other other white meat
