I'm not 100% sure how to phrase this, so apologies if this post gets wordy or confusing...
Is there any standard way to ensure that data received on an AJAX post page does, in fact, come to that page via an AJAX request? I could imagine somebody coming to a site that handles login via AJAX, popping open Firebug, figuring out what the AJAX post page is for the login request, and then navigating directly to that page in a browser, throwing params in the URL, just to see what might happen. Without being able to articulate exactly why, I'd say this sounds like a "bad" thing. Is there any sort of a token one passes from an AJAX post in JS back to the server for authentication? Does my question even make sense? Thanks in advance.
