Verification - enter a unique key for each ajax call

As I develop a new app, I am aiming to separate the HTML/JS layer from the PHP layer in order to prepare for a potential phonegap version in the future.

One major concern I have is regarding authentication. Since I won't be able to rely on session variables this time, I need to come up with a different approach to handle authentication. Here's my plan:

  1. The user will input their login information and submit it via ajax to a PHP file.
  2. The PHP file will validate the login credentials and generate a key-token for that user. This token will be stored on the user's end (e.g. in MySQL) and sent back to the client side as JavaScript.
  3. The browser will receive the key-token and store it in session_storage.
  4. Each subsequent ajax request will include this token, which will then be verified by the PHP script.

Do you see any potential flaws in this plan? Is there a simpler or more effective solution available? My idea is loosely based on how PHP sessions work, but using a key-token instead of a session ID. Any advice would be greatly appreciated.

javascriptajaxauthentication

Answer №1

Utilizing session variables is not an option for me

Your description closely resembles a session, however, you are choosing to develop it from scratch rather than utilizing the established PHP session handler with its tested properties and adaptability. By doing this, you may introduce flaws in your implementation, even if you manage to avoid initial design issues.

I highly recommend sticking with the standard PHP mechanism (although you could explore more advanced save handlers, like enabling the multi-layer function).

If executed correctly, what you have described should work similar to the PHP handler - but in terms of security, based on the information provided, it does not seem secure.

Storing sessions allows for more secure operations without relying solely on SSL (though HTTPS is crucial for security). This is because you can pre-share encryption keys, although the initial key negotiation process is susceptible to vulnerabilities.

On the other hand, the method you've outlined is at risk of being intercepted, injected, and vulnerable to CSRF attacks.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Tips for positioning a chat box at the bottom of a v-card's visible area

My goal is to create a chat app using Vuejs 3 and Vuetify 3, but I'm encountering an issue aligning the chatbox with the v-card component. Instead of being positioned at the bottom of the v-card, the chatbox (green) appears at the bottom of the page. ...

javascriptcssvue.jsflexboxvuetify.js

Optimizing CSS usage within Django: top recommendations

Throughout a 6-month-long project, I have continuously added new URLs. However, I am now encountering an issue when using the extend 'base.html' function on other pages where the CSS overlaps and creates confusion. My question is: What are the b ...

javascriptpythonhtmlcssdjango

Tips for preserving the integrity of square brackets while extracting data from JSON

Everyone: We've decided to utilize Newtonsoft JSON.NET for serializing some C# POCOs, and here's what we have: { "RouteID": "123321213312", "DriverName": "JohnDoe", "Shift": "Night", "ItineraryCoordinates": [ [ 9393, 44 ...

javascriptjqueryjsonserializationjson.net

Tips for sharing data between two components

In my project, I have a customized Shared Component which consists of an input search bar with a "continue" button. This Shared Component is being utilized within two other components - the buy component and sell component. The challenge I am encountering ...

javascriptangulartypescript

The value of InlineButton should be updated in the database with the current date

I am currently working on integrating an inline button within a table that will immediately update the database with today's date when clicked. The functionality I am aiming for is to have the button "change" trigger the insertion of the current date ...

phpjquerymysqljsonajax

Error: The function nodemailer.createTransport is not defined or does not exist

I'm currently working on integrating nodemailer into my nodejs application for sending emails. Check out the code below: var express = require('express'); var nodemailer = require('node-mailer'); var app = express(); app.post(&a ...

javascriptnode.jsexpressnode-modulesnodemailer

Timing of Bindings in AngularJS

In my setup, I have a controller that calls a service to retrieve a list of categories: $scope.enquiryCategories = CategoryServices.listCategories(); The service then fetches this data from an external API: listCategories: function () { return $http({ ...

javascriptangularjs

Leveraging AJAX and jQuery for data storage

Need a solution using AJAX and jQuery to save data from one form in another form while preserving the values. The stored information should be hidden from the front end user, with an option for the user to delete the data if desired. Retrieving the stored ...

javascriptphpjqueryajax

Update the scrollspy navigation in a div with overflow by toggling the active class

Struggling to implement a navigation menu within a self-scrolling div using html/css/jquery. Looking for the menu items to toggle the active class when in view or at the top of the scrolling div. I'm essentially trying to achieve something like this ...

javascripthtmljquerycss

Unable to load nested iframe

When working with an HTML document, I tried to add an iframe in the body without any cross-origin restrictions (same URL). However, when I tried to do the same thing within the appended iframe, although the nested iframe element was successfully added to ...

javascripthtmliframe

Error: The function _this[("render" + data.type)] is not defined as a valid function

https://i.stack.imgur.com/Y5Dz5.jpg I encountered an error in the console that I can't seem to figure out. Despite following the Syncfusion library's documentation, the error persists. Here is the code snippet that I implemented: import React f ...

javascriptreactjssyncfusion

Implementing React and Material UI: Maximizing Vertical Space Usage for a Box Component

Currently, I am working on a web application using React combined with Material UI. Within my code snippet below, you will see three Box components in play. Box 1 and Box 3 have specific heights set, but I am looking for a way to make Box 2 occupy the re ...

javascriptreactjsmaterial-ui

Updating the content with HTML and JavaScript

Hello everyone, I am currently working on a project to change the content of a div using JavaScript for educational purposes. Here is what I have done so far - <div id="navbar"> ... <ul> <li> <text onclick="getWordProcessing() ...

javascripthtmlonclick

Access-Control-Allow-Origin does not permit AngularJS Origin http://localhost:8080

I'm working on a web application using AngularJS. It's an admin interface that depends on a json-rpc API hosted on a different domain. When testing in my local environment, I encountered the error "Origin http://localhost:8080 is not allowed by ...

javascriptphpangularjs

Make sure to validate onsubmit and submit the form using ajax - it's crucial

Seeking assistance for validating a form and sending it with AJAX. Validation without the use of ''onsubmit="return validateForm(this);"'' is not functioning properly. However, when the form is correct, it still sends the form (page r ...

javascriptphpjqueryajax

AJAX-enhanced Pagination in CFWheels

I have scoured the depths of the internet, high and low, but I am unable to find a solution to this problem. Currently, I am utilizing the ColdFusion CFWheels Framework for database querying through AJAX as shown below: var id = $("#ship-id").val(); $.a ...

ajaxcoldfusionpaginationcfwheels

Using jQuery to trigger a change event and then chaining it with an AJAX

I've implemented a chained select feature which is working quite effectively. $(function() { /** * Chained Select (id_foo) * * @method on change */ $('select[name="id_foo"]').on('change', function() { var id ...

phpjqueryajax

Retrieving information from various datasets through inquiry

First Model const mongoose = require("mongoose"); const finalApprovalSchema = mongoose.Schema({ formId: String, designApproval: String, rejectionReason: String, date: { type: Date, default: Date.now, }, }); const FinalApproval ...

javascriptnode.jsmongodbexpressmongoose

Navigate the conversation within the dialog without affecting the content below

Is it possible to have a dialog with scrollable content on top of a page that is also scrollable, but when trying to scroll inside the dialog using the mouse wheel, only the dialog body scrolls and not the page below it? What approach can be used to accom ...

javascriptjqueryhtmlcss

Utilize jQuery to manipulate a subset of an array, resulting in the creation of a new array through the use of

I have a string formatted like this: ItemName1:Rate1:Tax1_ItemName2:Rate2:Tax2:_ItemName3:Rate3:Tax3_ItemName4:Rate4:Tax4 (and so on, up to item 25). My task is to take an index provided by the user (for example, 2), retrieve the item at that index when ...

javascriptjqueryarraysstringloops