Not too clear on how to authorize PHP AJAX calls with session_id or against any $_SESSION variables actually.
Should it be stored in the database upon login and referenced against a $_SESSION storage on each AJAX call?
I know these subjects have probably been discussed ad infinitum, but I can’t seem to find a clear answer.
Thanks in advance!
Revelation
Wow, so authorization is limited to whether or not there’s a session? Scary. Makes me wonder if that’s all that .net’s web.config’s deny="?" is doing. Thanks all for your help!
The session is always there because session data is server-side. As long as they have the cookie that grants them that session, they are considered an authorized user.
In the beginning of the file being called through AJAX, just do something like this:
Nothing will be executed beyond that point unless they have an active session.
You can prevent people from accessing your AJAX files directly too, just add this:
Someone could still get around that, but it’s better than nothing.
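The two guards the answer describes, as an added example that is not code from the original answer: the first rejects requests without an authenticated session, the second rejects requests that do not carry the X-Requested-With header that most AJAX libraries send. The session key `user_id`, the JSON error bodies and the status codes are assumptions for illustration; the answer itself shows no code.

```php
<?php
// Added example (not the answerer's code): guard placed at the very top of a
// PHP file that is only meant to be called via AJAX.
declare(strict_types=1);

session_start();

// Check 1: require an active, authenticated session. Session data lives on the
// server; the browser only holds the session cookie. This assumes the login
// handler set $_SESSION['user_id'] after verifying credentials.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    header('Content-Type: application/json');
    echo json_encode(['error' => 'not authenticated']);
    exit;
}

// Check 2: discourage direct navigation to this file by requiring the
// X-Requested-With header. As the answer notes, this is not a real boundary:
// any HTTP client can set the header, so it must never replace check 1.
$xhr = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
if (strcasecmp($xhr, 'XMLHttpRequest') !== 0) {
    http_response_code(403);
    header('Content-Type: application/json');
    echo json_encode(['error' => 'ajax only']);
    exit;
}

// Nothing past this point runs without an authenticated session.
header('Content-Type: application/json');
echo json_encode(['ok' => true, 'user' => $_SESSION['user_id']]);
```

The check order matters: the session check comes first so that an unauthenticated caller learns nothing beyond a 401, and `exit` after each failure is what makes "nothing will be executed beyond that point" true. There is no need to store the session id in the database for this to work; PHP's own session store already ties the cookie to the server-side `$_SESSION` data, and the login handler's job is simply to populate it only after a successful credential check.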