12-07-2007, 01:14 AM   #5
trmbne2000

I was browsing the web today, and I found an interesting article on securing AJAX apps. Based on that reading, I came up with this idea:
- Append my user session table with an authentication key field
- Each time the app sends a request, it includes the key, and the server checks the auth key against the one in the DB.
- If they match, it performs the action, generates a new random auth key, and returns it as part of a JSON object to the page.
- The page now has a new auth key to pass for the next call.

What do you think?

--Trmbne2000
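The key-rotation scheme described in the post above, sketched as an added example that is not code from the thread: an in-memory dict stands in for the user session table, and `open_session`, `handle_request` and `demo` are hypothetical names. It also shows what happens when a spent key is presented again, which is the case two parallel AJAX calls would hit.

```python
import hmac
import json
import secrets

# Constructed stand-in for the "user session table": session_id -> row.
SESSIONS = {}

def open_session(session_id, user):
    """Create the session row and issue the first auth key."""
    key = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "auth_key": key}
    return key

def handle_request(session_id, presented_key, action):
    """Check the key, run the action, rotate the key, return a JSON body."""
    row = SESSIONS.get(session_id)
    # Compare in constant time so response timing does not leak key bytes.
    if row is None or not hmac.compare_digest(
            row["auth_key"].encode(), str(presented_key).encode()):
        return json.dumps({"ok": False, "error": "bad auth key"})
    result = action(row["user"])
    # Rotate only after a successful check; the old key is now dead.
    row["auth_key"] = secrets.token_urlsafe(32)
    return json.dumps({"ok": True, "result": result,
                       "auth_key": row["auth_key"]})

def demo():
    """Three calls: valid, replay of the spent key, valid with the new key."""
    k0 = open_session("sid-1", "alice")
    first = json.loads(handle_request("sid-1", k0, lambda u: f"hello {u}"))
    # A replayed (or second in-flight) request still carrying k0 is refused.
    # Consequence: the page must serialize its AJAX calls, since two requests
    # fired in parallel with the same key cannot both succeed.
    replay = json.loads(
        handle_request("sid-1", k0, lambda u: "should not run"))
    second = json.loads(
        handle_request("sid-1", first["auth_key"], lambda u: f"bye {u}"))
    return first, replay, second

if __name__ == "__main__":
    for body in demo():
        print(body)
```

The rotating key narrows the replay window for a captured request, but it travels alongside the session identifier, so it still depends on the transport being protected.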