0

I am using ajax to send data to the server.

function savePersonalInfo()
{
  $.ajax({
    type: "POST",
    url: "../php/function.php",
    data: {
      name: document.getElementById("name").value,
      phone: document.getElementById("phone").value,
      affiliateId: "AF001"
    },
  }).done(function (msg) {
    // success or fail
  });
}

But the thing is that anyone can edit affiliateId and send their own data. I am setting the affiliateId in the function when a user logs in, using PHP. How can I authenticate an ajax call? Authentication here means knowing whether the ajax call is made by the person to whom the account belongs or some random guy trying to mess up the database.

naman
  • 1
  • Store affiliate ID in the ``$_SESSION`` array. That way ``function.php`` can retrieve it. Read up on PHP sessions: https://www.php.net/manual/en/book.session.php – kmoser Oct 11 '19 at 08:31

1 Answer

0
beforeSend: function (xhr) {
    xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
},

Source: Use basic authentication with jQuery and Ajax

yosh
  • 162
  • 14
  • what if we can save a self-made encrypted key in the variable list, and whenever we receive the ajax call, decrypt the key, check the authenticity and then take further actions? – naman Oct 11 '19 at 08:28
  • cause I don't feel like saving credentials. – naman Oct 11 '19 at 08:30
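
The session-based approach suggested in the comment on the question (keep the affiliate ID in `$_SESSION` so `function.php` never trusts a client-supplied `affiliateId`), as an added example that is not part of the original thread. It assumes the login script stored `$_SESSION['affiliate_id']` and a random `$_SESSION['csrf_token']` that the page sends back as a `csrf_token` POST field; those key names, the `affiliates` table and the SQLite DSN are hypothetical.

```php
<?php
// Added example for ../php/function.php (not code from the thread).
// Assumed: login set $_SESSION['affiliate_id'] and $_SESSION['csrf_token'].
declare(strict_types=1);

session_start();
header('Content-Type: application/json');

function fail(int $status, string $error): void
{
    http_response_code($status);
    echo json_encode(['ok' => false, 'error' => $error]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST required');
}

// Identity comes from the server-side session, never from the request body.
// Any affiliateId field the client sends is simply ignored.
$affiliateId = $_SESSION['affiliate_id'] ?? null;
if (!is_string($affiliateId) || $affiliateId === '') {
    fail(401, 'not logged in');
}

// Reject cross-site posts that only ride on the session cookie.
$sent     = $_POST['csrf_token'] ?? null;
$expected = $_SESSION['csrf_token'] ?? null;
if (!is_string($sent) || !is_string($expected) || $expected === ''
    || !hash_equals($expected, $sent)) {
    fail(403, 'bad CSRF token');
}

// Validate the fields the user is allowed to change.
$name  = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
$phone = is_string($_POST['phone'] ?? null) ? trim($_POST['phone']) : '';
if ($name === '' || !preg_match('/^\+?[0-9 ()-]{6,20}$/', $phone)) {
    fail(422, 'invalid name or phone');
}

// Hypothetical DSN and schema; the row is selected by the session's ID only.
$pdo = new PDO('sqlite:' . __DIR__ . '/app.db', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'UPDATE affiliates SET name = :name, phone = :phone WHERE affiliate_id = :id');
$stmt->execute([':name' => $name, ':phone' => $phone, ':id' => $affiliateId]);

echo json_encode(['ok' => true]);
```

With this in place the client's `data` object only needs `name`, `phone` and the CSRF token; editing the request in the browser cannot change which account is updated.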