php, ajax, sessions and security

ajax security

1 reply to this topic

#1 ajoo


Posted 21 April 2017 - 01:29 PM

Hi all!

In my previous question asked today, I said that I am using dropdown lists for selecting country, state, city and pin.

The initial lists are blank; the selection of a country triggers the loading of states, and choosing a state triggers the loading of cities, so I am using AJAX for this purpose - more specifically the $.ajax() function of jQuery.

In a normal call to a PHP page, the integrity is maintained via sessions, and CSRF is prevented via tokens embedded in the form, but how do I take care of these when data is being passed through the AJAX call? Are there any other security measures that need to be looked into while using this method, or special security mechanisms that I need to apply?

I would of course check the data received this way, by using all the normal data validation methods on the server side.

Thanks all!


Edited by ajoo, 21 April 2017 - 01:30 PM.


#2 requinix


Posted 21 April 2017 - 02:12 PM

Sessions are managed with cookies and the browser will make that all work automatically with the AJAX.

I wouldn't expect that you'd need to worry about CSRFs for this. It's not like the queries are performing any actions - what CSRFs are really about. But if you still need to have it then pass the token in the AJAX request; how you do that varies but probably means putting the token into the page with your PHP and appending it to the AJAX URL or including it in the request data.
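
The approach described in the reply above, sketched as an added example that is not part of either post: the PHP page puts a per-session token into the HTML, the AJAX call sends it in the request data, and the endpoint checks it against the session before validating the input. The file name `states.php`, the `csrf_token` field name and the `STATES` sample data are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed names: states.php, the
// csrf_token field, and the constructed STATES data replacing a real database.
declare(strict_types=1);
session_start(); // the browser sends the session cookie with AJAX calls too

const STATES = [ // constructed sample data
    'IN' => ['Delhi', 'Goa', 'Kerala'],
    'US' => ['Oregon', 'Washington'],
];

// Create the per-session token once. The form page calls this and prints
// htmlspecialchars(csrf_token()) into a <meta name="csrf-token"> tag.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Returns [HTTP status, body]; rejects bad tokens before touching the input.
function handle_states_request(array $post): array
{
    if (!csrf_token_is_valid($post['csrf_token'] ?? null)) {
        return [403, ['error' => 'invalid CSRF token']];
    }
    $country = $post['country'] ?? '';
    // Allow-list validation: only known country codes reach the lookup.
    if (!is_string($country) || !array_key_exists($country, STATES)) {
        return [400, ['error' => 'unknown country']];
    }
    return [200, ['states' => STATES[$country]]];
}

[$status, $body] = handle_states_request($_POST);
http_response_code($status);
header('Content-Type: application/json');
echo json_encode($body);
// Client side: $.ajax({ type: 'POST', url: 'states.php', data: { country: 'IN',
//   csrf_token: $('meta[name="csrf-token"]').attr('content') } });
```

Sending the token in the POST body rather than appending it to the URL keeps it out of server access logs and browser history.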



