I have several forms brought in via the jQuery .ajax function. In the parent page I start a session like this:
<?php
session_start();
$_SESSION['authenticated'] = 'yes';
?>
then in the form that is loaded have a check like this:
<?php
session_start();
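// ?? '' avoids an undefined-index warning when the session has no such key
if (($_SESSION['authenticated'] ?? '') != 'yes') {
    header("Location: http://www.google.com");
    exit; // stop here so the form is not rendered after the redirect header
}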
?>
I know it's not the best, but it's an attempt to stop people from accessing the forms directly. The problem is that if you go to the parent page, then you can enter the form URL and get there because the session was started when you hit the parent page. How can I destroy the session or remedy this issue?
You can check $_SERVER['HTTP_REFERER'] in your form .php code to see where the request is coming from. An AJAX call will set the HTTP_REFERER to the page it is called from.
if (strpos($_SERVER['HTTP_REFERER'] ?? '', $_SERVER['HTTP_HOST']) === false) {
    die(); // no Referer header, or one that does not contain this host
}
It's not a bulletproof solution. Any page that is publicly accessible can be retrieved by an automated script.
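An alternative to both the session flag in the question and the Referer check in the answer, as an added example that is not part of the original posts: the parent page issues a single-use token, the AJAX request sends it back, and the form endpoint consumes it, so typing the form URL directly (or replaying it) fails. The function names, the `form_tokens` session key and the `X-Form-Token` header are hypothetical.

```php
<?php
// Added example; function names and the X-Form-Token header are hypothetical.

// Parent page: mint a single-use token tied to this session.
function issue_form_token(array &$session, int $ttl = 300): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$token] = time() + $ttl; // value = expiry time
    return $token;
}

// Form endpoint: accept a token once, then forget it.
function consume_form_token(array &$session, string $presented): bool
{
    $now = time();
    $ok = false;
    foreach ($session['form_tokens'] ?? [] as $token => $expires) {
        $match = hash_equals((string) $token, $presented);
        if ($match || $expires < $now) {
            unset($session['form_tokens'][$token]); // used or expired
        }
        if ($match && $expires >= $now) {
            $ok = true;
        }
    }
    return $ok;
}

// Wiring (shown as comments because it needs a web server):
//   parent.php: session_start(); $t = issue_form_token($_SESSION);
//               emit $t into the page and send it with the jQuery call:
//               $.ajax({url: 'form.php', headers: {'X-Form-Token': t}})
//   form.php:   session_start();
//               if (!consume_form_token($_SESSION, $_SERVER['HTTP_X_FORM_TOKEN'] ?? '')) {
//                   http_response_code(403); exit;
//               }

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$token = issue_form_token($session);
var_dump(consume_form_token($session, $token)); // AJAX load from the parent page
var_dump(consume_form_token($session, $token)); // same token replayed
var_dump(consume_form_token($session, ''));     // direct visit, no token
```

The token only shows that the request followed a load of the parent page in the same session; it does not authenticate the user, so anything sensitive behind the form still needs a real login check.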