I'm breaking my head over this issue, where I want to prevent people from direct accessing a file which I'm calling using AJAX.
In short:
main-script.php
makes an AJAX call toajax-request.php
ajax-request.php
can only be called from frommain_script.php
- Prevent direct access to
ajax-request.php
I've already read similiar questions like this one, but the "accepted answer" here (like many other of the answers) seems like it shouldn't be accepted. What got my attention however was this answer, where he's talking about using $_SESSION
and hashing. Now the problem is (1) that I'm skeptical if you can actually prevent people from direct accessing in this case; (2) I can't wrap my head around on how you'd use sessions and hashing to make this happen.
So I would appreciate it if someone could help me out with the thinking process or give me a push in the right direction (or give advice if it's not really possible at all).