It is a little bit different because with ajax we come back to the first module:
data introduction -> send to server -> check -> return to first module -> goto welcome

Without ajax/jquery:
data introduction -> send to server -> check -> goto welcome

On 12 Feb, 20:09, James <[email protected]> wrote:
> Well... if your module properly checks that the user is logged in then
> there shouldn't really be a problem, provided you're making sessions
> properly and not easy to crack. Other than that, if all the checking
> is done server-side, then your login method is really no different
> whether you're doing it with AJAX or without. You're still going
> through HTTP and sending the same data across. You can make it more
> secure to data-sniffing if you use SSL, but that's a different story.
>
> On Feb 12, 8:53 am, phicarre <[email protected]> wrote:
>
> > How to secure this jquery+php+ajax login procedure?
> >
> > $('#myForm').submit( function()
> > {
> >     $(this).ajaxSubmit( {
> >         type:'POST', url:'login.php',
> >         success: function(msg)
> >         {
> >             // **** login ok : how to call the welcome.php ***
> >         },
> >         error: function(request,iderror)
> >         {
> >             alert(iderror + " " + request);
> >         }
> >     });
> >     return false;
> > });
> >
> > <form id="myForm" action="" >
> >
> > Name : <input type='text' name='login' size='15' />
> > <div>Password : <input type='password' name='passe' size='15' /></div>
> >
> > <input type="submit" value="login" class="submit" />
> >
> > </form>
> >
> > Login.php checks the parameters and replies by echo "ok" or echo "ko"
> >
> > Logically if the answer is ok we must call a welcome.php module BUT,
> > if someone reads the client code, he will see the name of the module
> > and can hack the server.
> > Am I wrong? How to secure this code?
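
The server-side check described in the quoted reply, as an added example that is not code from the thread: login.php records the successful login in the session, and welcome.php refuses to render without it, so knowing the welcome.php URL from the client script gives nothing. The file name auth.php, the helper names, the demo account and the login.html form page are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed layout:
//   login.php:   require 'auth.php'; start_secure_session(); echo handle_login($_POST);
//   welcome.php: require 'auth.php'; start_secure_session(); $user = require_login();
declare(strict_types=1);

// Hypothetical user lookup; a real application would query its user store.
function find_password_hash(string $login): ?string
{
    static $users = null;
    // Constructed demo account: login "alice", password "correct horse".
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return $users[$login] ?? null;
}

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // session cookie is not readable from page scripts
        'secure'   => true,   // sent over HTTPS only (the SSL point in the reply)
        'samesite' => 'Lax',
    ]);
    session_start();
}

// login.php: the only place credentials are checked. Replies "ok" or "ko".
function handle_login(array $post): string
{
    $login = (string)($post['login'] ?? '');
    $hash  = find_password_hash($login);
    if ($hash === null || !password_verify((string)($post['passe'] ?? ''), $hash)) {
        return 'ko';
    }
    session_regenerate_id(true);   // fresh session id once authenticated
    $_SESSION['user'] = $login;    // the server, not the browser, remembers the login
    return 'ok';
}

// welcome.php: call before any output. Access depends on server-side session
// state, not on the "ok" string the browser received.
function require_login(): string
{
    if (empty($_SESSION['user'])) {
        header('Location: login.html');   // assumed name of the page holding the form
        exit;
    }
    return $_SESSION['user'];
}
```

With this in place the AJAX success handler only has to navigate to welcome.php when the reply is "ok"; a request to welcome.php without a logged-in session is redirected back to the form.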

