I have been using Ajax a lot recently in my PHP applications, especially in my Magento interfaces that retrieve order and customer information. When you write standalone PHP scripts against Magento you need to be careful not to bypass Magento's application security entirely: a script that bootstraps Magento and returns order or customer data without its own authentication check is an open door to the back end code, and Ajax endpoints are especially prone to this because they are called from JavaScript and easy to overlook.
For a previous web site I looked at best practice methods for PHP session security and persistent ("remember me") login security for application logins. I revisited that code to create a PHP security class that I can quickly drop into a PHP app to add login and persistent login security, plus additional authentication checks for Ajax requests.
The demo below shows the code in action for login and Ajax authentication. Log in using the demo username and password, then follow the links to read about the best practices the PHP class implements.
Source code on request.
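As an added illustration (this is not the author's security class, whose source is available on request), the following PHP sketch shows the two pieces the post describes: a login routine that hardens the session, and an Ajax endpoint that refuses to bootstrap Magento until the caller proves it holds that session. Function names, session keys, the idle limit and the `X-CSRF-Token` header are assumptions chosen for this example; `Mage::app()` and `Mage::getModel('sales/order')->loadByIncrementId()` are the Magento 1 calls.

```php
<?php
// Added example, not the page's own security class. Function names, session
// keys and the custom header names are assumptions chosen for illustration.
declare(strict_types=1);

// Called by the login script (after session_start() and a successful password
// check). Regenerating the id defeats session fixation; the CSRF token is bound
// to this session and must be echoed back by every Ajax call.
function establishSession(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    $_SESSION['last_seen']  = time();
}

// Pure check so it can be tested without a web server: pass $_SESSION and
// $_SERVER in real use.
function isAuthenticatedAjaxRequest(array $session, array $server, int $idleLimit = 900): bool
{
    // 1. A logged-in user must already exist in the session.
    if (empty($session['user_id'])) {
        return false;
    }
    // 2. Expire sessions that have been idle longer than $idleLimit seconds.
    if ((time() - (int)($session['last_seen'] ?? 0)) > $idleLimit) {
        return false;
    }
    // 3. Require the header same-origin XHR/fetch code sets; a cross-site
    //    <form> post or a bare browser GET cannot supply it.
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return false;
    }
    // 4. The client must echo the per-session CSRF token; compare in constant time.
    $expected = (string)($session['csrf_token'] ?? '');
    $sent     = (string)($server['HTTP_X_CSRF_TOKEN'] ?? '');
    return $expected !== '' && hash_equals($expected, $sent);
}

function denyJson(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $reason]);
    exit;
}

// ---- ajax/order.php: the endpoint the page's JavaScript calls for order data ----
session_start();

if (!isAuthenticatedAjaxRequest($_SESSION, $_SERVER)) {
    // Fail closed before any Magento code is loaded.
    denyJson(401, 'authentication required');
}
$_SESSION['last_seen'] = time();

$incrementId = (string)($_GET['order'] ?? '');
if (!preg_match('/^\d{9}$/', $incrementId)) {   // Magento 1 increment ids are 9 digits by default
    denyJson(400, 'bad order id');
}

// Only now bootstrap Magento: the script no longer hands the back end to
// anonymous callers. Path assumes the script lives one level below the Magento root.
require_once __DIR__ . '/../app/Mage.php';
Mage::app();
$order = Mage::getModel('sales/order')->loadByIncrementId($incrementId);
if (!$order->getId()) {
    denyJson(404, 'no such order');
}

header('Content-Type: application/json');
echo json_encode([
    'increment_id' => $order->getIncrementId(),
    'status'       => $order->getStatus(),
    'grand_total'  => $order->getGrandTotal(),
]);
```

On the client side the page rendered after login embeds the session's CSRF token, and the JavaScript sends it in the `X-CSRF-Token` header together with `X-Requested-With: XMLHttpRequest` on every request. The order of checks matters: nothing from Magento is loaded until the session, idle timeout and token all pass, so an unauthenticated hit costs only a `401` and never touches the back end.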
Oğuz Çelikdemir says:
Dear PAJ,
What technique did you use for AJAX security? Could you please share it with me? Thanks
PAJ says:
If you log in to the demo app in this post you will see links to the best practice PHP session / login security methods I have implemented.