Reputation: 17049
How can AJAX validate user?
When user is on the page you can use session or cookies to check who is he.
But when AJAX is used, for example, for sending an answer, sending page have no contact with user. How can it check is it real registered user, or just spambot sending this by headers?
What is the common practice for AJAX user validation?
Upvotes: 1
Views: 233
Answers (1)
Reputation: 318468
AJAX requests contain the same cookies like regular requests. Besides that you can send any arguments like session IDs with the AJAX request.
Actually, for the server it makes absolutely no difference if a request is made through an XmlHttpRequest object or not. Most frameworks add an X-Requested-With: XMLHttpRequest header though but that's completely optional.
So.. whatever means you use to pass your session data, simply ensure it's also available to the script called with your AJAX request:
- If you have a session id passed via GET/POST, include it in your request's arguments.
- If cookies are needed, ensure they are send to the file. If it's in the same folder like the current file or a descendant of it you are usually safe. If it's on another (sub-)domain you might get problems - not only with cookies but alsowith cross-domain AJAX which usually isn't allowed due to the same-origin policy browsers have.
Upvotes: 5
Related Questions
- In Ajax how to show validation of the input that the user interacts with?
- Check Username Using Ajax in Jquery Validation Engine
- How to use ajax to validate my form
- validation with AJAX
- ajax and php validation
- JQuery .ajax() on username validation
- AJAX form validation
- JQuery username validation - Ajax call
- How to validate username using Javascript?
- How to validate a user through an AJAX request?