I am using ajax to send data to the server.
function savePersonalInfo()
{
$.ajax({
type: "POST",
url: "../php/function.php",
data: {
name : document.getElementById("name").value,
phone : document.getElementById("phone").value,
affiliateId : "AF001" },
}).done(function( msg ) {
// success or fail
});
}
But the thing is that anyone can edit affiliateId, and send their own data. I am setting the affiliateId in the function when a user login, using php. How can I authenticate an ajax call. Authentication here means knowing that whether the ajax call is made by the person to whom the account belongs or some random guy trying to messup the database.