Dear Friends,

I have a doubt regarding the working of AJAX applications. My problem
is that whenever we make a request to the server we pass the URL
along with some querystring. This URL is exposed, and anyone having access
to this application can copy the URL and pass his own querystrings to retrieve
the data from the server. But the condition is that the user must be
authenticated on the server before the response is sent back to the client. In
a normal ASP.NET application we can check on page load whether a particular
session exists or not. But how can we check the same thing when making the
same request with XMLHttpRequest?

I want to know whether there is some way that, before this request is
answered by the requested page, the session of the user can be checked. If the
session of the user exists then he gets the response, otherwise some custom
message. I tried the usual process of checking the sessions as we do in
regular server-side applications, but it was of no help. The session is created
when the user logs in. But the problem is that if I open two browsers on the
same machine and log in through one browser, on checking the session I get
the right value. The problem originates when I try to check the session
without logging in on the second browser. I still get the session values.
It means that even if one session is there on the server, the server will
send the response back to the client. The same thing doesn't happen when
working with normal ASP.NET applications.

Frankly speaking I am not clear about the concept of managing the security
when working with AJAX. I am very new to the world of AJAX.

Please clear my doubts.

Thanks,
M Aggarwal.

===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
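
An added example, not part of the original message: one way to make the per-request session check the post asks about, written as an ASP.NET generic handler (.ashx) that the XMLHttpRequest URL would point to. The handler name, the "UserId" session key and the sample records are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Web;
using System.Web.SessionState;

// IRequiresSessionState tells ASP.NET to load the caller's session for this
// handler; without it context.Session is null.
public class DataHandler : IHttpHandler, IRequiresSessionState
{
    // Constructed sample data: record id -> { owning user id, JSON payload }.
    private static readonly Dictionary<string, string[]> Records =
        new Dictionary<string, string[]>
        {
            { "1", new[] { "alice", "{\"id\":1,\"total\":40}" } },
            { "2", new[] { "bob",   "{\"id\":2,\"total\":75}" } }
        };

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "application/json";
        // Stop the browser from replaying a cached answer after logout.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // The session is looked up from the cookie sent with this request, so
        // the check is per caller. "UserId" is assumed to be stored at login.
        string userId = context.Session["UserId"] as string;
        if (string.IsNullOrEmpty(userId))
        {
            // 403 rather than 401: with forms authentication enabled, a 401 is
            // turned into a redirect to the login page, and the script would
            // receive that page's HTML instead of an error it can act on.
            Deny(context.Response, "Not logged in");
            return;
        }

        // Being logged in is not enough: the querystring is caller-controlled,
        // so confirm that the requested record belongs to this user.
        string id = context.Request.QueryString["id"];
        string[] record;
        if (id == null || !Records.TryGetValue(id, out record) || record[0] != userId)
        {
            Deny(context.Response, "No such record");
            return;
        }
        context.Response.Write(record[1]);
    }

    private static void Deny(HttpResponse response, string message)
    {
        response.StatusCode = 403;
        response.Write("{\"error\":\"" + message + "\"}");
    }

    public bool IsReusable { get { return true; } }
}
```

On the client, the XMLHttpRequest callback can check `status` for 403 and show the custom message instead of parsing the body as data.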