ToonMariner Posted November 28, 2006
OK, I have posted this in the ajax forum but it's pretty quiet so I'd like to see if anyone in here has any ideas.
I have a php script called via an ajax request. I want the script to ensure it has been called by this request and NOWHERE else; i.e. nobody could type the url in or even script a bot that would send a request to this script automatically.
I really need to restrict script running JUST from the ajax request on my site.
ANY ideas will be much appreciated.
trq Posted November 28, 2006
Have you tried checking the $_SERVER['HTTP_REFERER'] variable?
corbin Posted November 28, 2006
You could set a session variable on the correct referer page (since it's on the same server) then check for it on the form processing to make sure they came through the page that would set the session...
ToonMariner Posted November 28, 2006
$_SERVER['HTTP_REFERER'] may not necessarily be sent by the client or can be set (depending on client).
The session thing could work but I'd have to unset it each time just in case they tried to leave a window open and use that as a gateway.
Gonna have to make sure I get the old logic right on this - it is critical.
corbin Posted November 28, 2006
Hmm yeah, didn't think about that... Idea... make the session value random things then store the session value in a DB by sessid, that way if they go to another page and come back it'll reset it and their old one would be incorrect, making them unable to go to another page with still the right session thing set...
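The rotating session value discussed in the last two posts, sketched as an added example (not code from anyone in the thread). The function names `issue_token` and `consume_token` are hypothetical, and a plain array stands in for the session or DB row so the walk-through runs from the command line; on a real site `$store` would be `$_SESSION` after `session_start()`.

```php
<?php
// Added illustration: a single-use token bound to the visitor's session.
// issue_token()/consume_token() are hypothetical names, not a library API.

// Called by the page that hosts the AJAX call. Every page load overwrites
// the previous value, so a token from an older page view stops working.
function issue_token(array &$store): string
{
    $store['ajax_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    return $store['ajax_token'];
}

// Called at the top of the AJAX endpoint with the token the client sent.
function consume_token(array &$store, ?string $submitted): bool
{
    $expected = $store['ajax_token'] ?? null;
    // Remove the token before comparing so it is single-use
    // regardless of whether this attempt succeeds.
    unset($store['ajax_token']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no token issued, or none sent (direct URL hit)
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed walk-through using a simulated session array.
$session = [];

$first  = issue_token($session);  // first page view
$second = issue_token($session);  // visitor reloads; token rotates

// Token kept from the first page view (the "window left open" case).
var_dump(consume_token($session, $first));

// Current token from a fresh page view, then a replay of the same token.
$third = issue_token($session);
var_dump(consume_token($session, $third));
var_dump(consume_token($session, $third));

// Request that arrives with no token at all.
var_dump(consume_token($session, null));
```

The token only shows that the caller loaded the issuing page in the same session first; a client that fetches that page and reads the token can still call the endpoint, so the check complements authentication and rate limiting on the endpoint rather than replacing them.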