I want to implement an AJAX and oAuth design using PHP and jQuery.
Now, if a dedicated user is required, I can embed the token and secret into a PHP file. However, to allow a multi-user scheme, I can put the token and secret into a cookie, and read them from JavaScript. However, is that a good idea - i.e, is it secure, or what should I do to implement a good security model for an AJAX / oAuth design?