I was thinking. I can just use a database and write the current user
out (embed it) into the PHP dynamically, instead of posting it from
jQuery.  I guess that would work.  It would avoid the whole issue.

On Jan 25, 9:03 pm, Patrick <kenned...@gmail.com> wrote:
> I want to implement an AJAX and oAuth design using PHP and jQuery.
> Now, if a dedicated user is required, I can embed the token and secret
> into a PHP file. However, to allow a multi-user scheme, I can put the
> token and secret into a cookie, and read them from JavaScript.
> However, is that a good idea - i.e, is it secure, or what should I do
> to implement a good security model for an AJAX / oAuth design?

Reply via email to