Reputation: 1291
Sending user data from js to php
I'm writing an application that has JS on the client and php on the server, openned session at the server and their "in the php script" I identify each user by a unique ID retrieved from DB and stored in $_SESSION["uID"] at first I thought that this is enough while sending user data from javascript to php, as the session would handle the identification issue and each user request will be recieved by its own session, and hence no user session would conflict with another..am I right? or I have to use another technique?
Do I have to send the user id from js to php? or it is enough to be declared in php?
Do I have to use session Id or something?
Upvotes: 0
Views: 184
Answers (4)
Reputation: 174997
Php has the client store the session ID as a cookie, which is sent on every request. However should a user not keep cookies, the session would be canceled. Worse, if the user logs on from an unsecure location, an attacker may get his session ID, and the system would wrongly identifyihim as the victim.
The truth is there is no absolute way to identify a client. A session id good enough for most cases, but if you need an extra layer of security, use accounts in combination with IP checking and sessions.
Upvotes: 0
Reputation: 8578
Pretty sure that once the session_start() is called at the beginning of the php script, you will be able to access $_SESSION["uID"]. If you have provided the user with a unique uID, you only need to use it inside php. Moreover, if you make some calls from js to php using uID, there will be a huge security loophole since javascript is easily interfered and "wrong" uID could be passed. So yeah, I would stick with what you said and my verdict would be: yes it is enough to be declared in php :)
Upvotes: 1
Reputation: 48367
Spend some time reading up on sessions.
What happenned when you tested it?
Normally the session id is transmitted via cookies. Cookies should be sent to the server in xmlhttp requests. Cookies are set on the browser by an HTTP request.
It is possible to send the session id via other means, and set the session cookie via javascript - but an explanation of this won't make a lot of sense until you understand the basics.
Upvotes: 0
Reputation: 57660
Sending User Id by js would make your applicator insecure. Anyone could become anyone. If session is set by cookies, it's enough to use that session in php end. You don't have to sent session Id by js as it get automatically sent by your browser by cookies.
Upvotes: 2
Related Questions
- Passing JavaScript Variables to PHP Session
- Passing Session Variable from PHP to JS
- Sending a PHP session variable to javascript of another file
- How to save user session in a variable in PHP to be referenced in JavaScript
- Store javascript data into PHP SESSION VARIABLE?
- Passing a SESSION variable to JS
- Try to get PHP session user into JavaScript
- Sending Data From A PHP Script Back To A JQuery AJAX Request
- Session from javascript
- How can I pass a PHP variable to javascript?