How to authenticate AJAX call?

Question

I have designed a website which uses AJAX. I have a PHP page named store.php which accepts data sent by POST method and stores in the database.

How do I implement au

Answer 1

What you are looking for is a persistent state for the user. The best way to implement this in PHP is to utilize sessions.

There is great documentation on it: http://www.php.net/manual/en/book.session.php

Answer 2

The security of Ajax requests is not a simple matter. They can be susceptible to man-in-the-middle attacks and replay attacks, to name a few. I'd recommend reading this book: http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939. It will give you lots of good information on the subject.

As for your question, specifically: once your PHP session has been set up, those session cookies will apply to Ajax requests as well.

Answer 3

Store a token associated with the user in your database. Make sure that the token will be unique and not guessable. Also store the same token in a hidden form field so that it gets posted back to the page. Ensure on the server that the token is present in the posted form values and check that it is valid.

Answer 4

Any AJAX Call to a Server Script will still include the session id in the request. If you are implementing sessions in your site, then start the session and you will be able to see session variables for the currently logged in user.

Answer 5

I normally just include the exact same code I use to authenticate on the rest of my site in the ajax-called page. I use SESSION to hold a sessionID, and the rest is handled in my DB. I usually end up just adding a line like this..

require_once('loginProcedures.php'); 
//Login Authentication takes place here using SESSION ID

if (!$me['validLogin']) die("Invalid Authentication");

//perform actions and echo your result for a valid login.