Well... if your module properly checks that the user is logged in, then there shouldn't really be a problem, provided you're making sessions properly and they're not easy to crack. Other than that, if all the checking is done server-side, then your login method is really no different whether you're doing it with AJAX or without. You're still going through HTTP and sending the same data across. You can make it more secure against data sniffing if you use SSL, but that's a different story.

On Feb 12, 8:53 am, phicarre <[email protected]> wrote:
> How to secure this jquery+php+ajax login procedure ?
>
> $('#myForm').submit( function()
> {
>     $(this).ajaxSubmit( {
>         type:'POST', url:'login.php',
>         success: function(msg)
>         {
>             // **** login ok : how to call the welcome.php ***
>         },
>         error: function(request,iderror)
>         {
>             alert(iderror + " " + request);
>         }
>     });
>     return false;
> });
>
> <form id="myForm" action="" >
>
> Name : <input type='text' name='login' size='15' />
> <div>Password : <input type='password' name='passe' size='15' /></div>
>
> <input type="submit" value="login" class="submit" />
>
> </form>
>
> Login.php checks the parameters and replies by echo "ok" or echo "ko"
>
> Logically if the answer is ok we must call a welcome.php module BUT,
> if someone reads the client code, he will see the name of the module
> and can hack the server.
> Am I wrong ? how to secure this code ?
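
The server-side check described in the reply above, as an added example that is not part of the original thread: one PHP file stands in for both login.php (POST) and welcome.php (GET), so knowing the welcome URL gains nothing without a session the server has marked as logged in. The function names `demo_users`, `handle_login` and `require_login` and the sample account are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Constructed sample account for the demo (assumption): a real application
// would load the stored password hash from its user database.
function demo_users(): array {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return $users;
}

// login.php logic: check the posted 'login' and 'passe' fields on the server,
// and only then bind the identity to the session.
function handle_login(array $post): string {
    $login = (string)($post['login'] ?? '');
    $passe = (string)($post['passe'] ?? '');
    $hash  = demo_users()[$login] ?? null;
    if ($hash === null || !password_verify($passe, $hash)) {
        return 'ko';
    }
    session_regenerate_id(true);   // fresh session id at login, old one discarded
    $_SESSION['user'] = $login;
    return 'ok';
}

// welcome.php logic: every protected page repeats this check itself,
// regardless of how the browser arrived at the URL.
function require_login(): string {
    if (empty($_SESSION['user'])) {
        http_response_code(401);
        exit('Not logged in');
    }
    return $_SESSION['user'];
}

// Session cookie is hidden from page scripts; add 'cookie_secure' => true
// once the site is served over HTTPS.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo handle_login($_POST);     // the AJAX success handler receives "ok" or "ko"
} else {
    echo 'Welcome, ' . htmlspecialchars(require_login(), ENT_QUOTES, 'UTF-8');
}
```

On "ok" the client can simply navigate to the welcome page; a request for it without a logged-in session gets the 401 response.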

