I’m making an Ajax login system and I wonder if this is secure
- Post the username and the password with ajax
- Check the login server side, if valid, return the new session id and the user id in a JSON string
- Get the JSON with javascript then create the session’s cookies “session_id” and “user_id”
- Call the page where the logged user is redirected with AJAX
Thanks
Secure for 08/15 website: yes
Secure for online banking: no
The method you use is equivalent to an unencrypted everyday login <form>. However, you should really not rely on a “user_id” cookie. Rather save the verified user_id in the session store only.
Also you might try to simply return the session cookie on the JSON result for the AJAX call. It usually sticks to all further HTTP requests, so you don’t need (3) to set the cookie via Javascript additionally.