Data from Ajax for authorised users only

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

hjkl
Forum Newbie
Posts: 1
Joined: Thu Mar 20, 2014 4:02 am

Data from Ajax for authorised users only

Post by hjkl »

In my application, authorised users should be able to receive specific data from the server via Ajax. However, unauthorised users must not be able to receive this data.

Authorised users are logged in with a session. However, when making an Ajax call, the server cannot check this session. I can send only the user's ID, but it doesn't help make sure that this user knows the username and password.

How can I make sure only authorised users get access to this data via Ajax?
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Data from Ajax for authorised users only

Post by Celauran »

Persist login tokens and include them in the request?
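
One way to implement the suggestion in the reply above, as an added example that is not part of the thread: a random token is issued after login, only its hash is persisted, and every Ajax request is resolved to a user from that token rather than from a client-supplied ID. The in-memory array store, the TTL value and the `X-Auth-Token` header name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory token store; a real application would use a
// database table keyed by the SHA-256 hash of the token.
const TOKEN_TTL = 1800; // seconds; constructed value

/** Called once, after the username/password check has succeeded. */
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [       // persist only the hash
        'user_id' => $userId,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;                           // handed to the client once
}

/** Called by every Ajax endpoint; returns the user ID or null. */
function authenticate(array &$store, ?string $presented, int $now): ?int
{
    if ($presented === null || !preg_match('/\A[0-9a-f]{64}\z/', $presented)) {
        return null;                         // missing or malformed token
    }
    $key = hash('sha256', $presented);
    $row = $store[$key] ?? null;
    if ($row === null) {
        return null;                         // token was never issued
    }
    if ($row['expires'] < $now) {
        unset($store[$key]);                 // expired: revoke it
        return null;
    }
    return $row['user_id'];                  // identity comes from the server record
}

// Constructed demonstration. An endpoint would read the token from
// $_SERVER['HTTP_X_AUTH_TOKEN'] (hypothetical header name).
$store = [];
$now   = 1700000000;                         // constructed timestamp
$token = issueToken($store, 42, $now);

var_dump(authenticate($store, $token, $now + 60));          // token within its lifetime
var_dump(authenticate($store, str_repeat('0', 64), $now));  // well-formed but never issued
var_dump(authenticate($store, null, $now));                 // header absent
var_dump(authenticate($store, $token, $now + 3600));        // token past its expiry
```

The endpoint should return the protected data only when `authenticate()` yields a user ID, and should ignore any user ID sent in the request body.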