0

From my PHP website, when users need to create a new post (for example), I'm sending a jQuery POST to a PHP script to do this action. But this is not safe; I mean, anyone could send a fake jQuery POST to that script with the same user ID, with no login requirement.

Is there any safe way to do this?

2 Answers

2

Don't include the user ID in the POST.

Instead, just use the ID of the currently-logged-in user on the server.

This assumes that you have a secure way to track login sessions.

2 Comments

So, I have to start the session and do authentication in each script, right?
@Ksakser: Yes. You should always do that for any non-anonymous operation.
0

You could submit the userId of the current user. Then in the PHP script check the session and evaluate that the userId which is sent is the same as the user id of the logged in user.
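
The server-side check that both answers describe, as an added example that is not part of either answer: the author of the post is taken from the session, and a `user_id` sent by the client is only compared against it. The session key `user_id`, the form fields `user_id` and `body`, and the SQLite file and `posts` table are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumes the login script stored the authenticated
// user's id in $_SESSION['user_id'] (hypothetical key name).

function reject(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    reject(405, 'POST required');
}

// Identity comes from the server-side session, never from the request body.
if (!isset($_SESSION['user_id'])) {
    reject(401, 'Not logged in');
}
$userId = (int) $_SESSION['user_id'];

// Second answer's variant: a client-supplied id is only checked against the
// session value; it is never used as the author of the post.
$claimed = $_POST['user_id'] ?? null;
if ($claimed !== null && (!is_scalar($claimed) || (string) $claimed !== (string) $userId)) {
    reject(403, 'User id does not match the logged-in user');
}

// Reject non-string input (e.g. body[]=x) as well as empty or oversized text.
$body = $_POST['body'] ?? '';
if (!is_string($body) || trim($body) === '' || strlen($body) > 10000) {
    reject(422, 'Post body is missing, empty or too long');
}

// Constructed storage layer: file name and table are placeholders.
$db = new PDO('sqlite:' . __DIR__ . '/app.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS posts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT NOT NULL)');
$stmt = $db->prepare('INSERT INTO posts (user_id, body) VALUES (:user_id, :body)');
$stmt->execute([':user_id' => $userId, ':body' => trim($body)]);

header('Content-Type: application/json');
echo json_encode(['id' => (int) $db->lastInsertId(), 'user_id' => $userId]);
```

A request without a valid session cookie gets a 401 regardless of what `user_id` it carries, and a logged-in user who posts someone else's id gets a 403.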
