How to check user through AJAX request?

We have a web page that we provide to partner companies through an iframe. The iframe contains several JavaScript files that make AJAX requests to our server for data. For the iframe itself, an API key is required that is bound to the partner domain. This prevents the display of the iframe if it is installed in a domain that is not registered. However, it would be easy to copy the contents and JavaScript files of the iframe from the registered site and place them on an unregistered site.

Ideally, we would like to use the API key to limit Ajax requests and prevent our server from providing the requested data for unregistered sites. However, it seems that the server variable HTTP_REFERER is not set for Ajax requests. How can we determine which site is requesting? Is it possible? If not, how can we prevent unauthorized access?

+3
3 answers

HTTP_REFERER, . , - API , URL- IFRAME, Google ( ). )

URL IFRAME , , .

+1

iframe , cookie . AJAX cookie. .

HTTP_REFERER, - , .

0

The problem is that iframe has the right to a specific domain, so my API key is tied to this. I completed the following tutorial for creating API keys.

https://ajax.dev.java.net/ajax/api-keys

Do you think that using the HTTP_REFERER variable will prevent users from accessing the iframe? Sun claims that Google uses this method to authenticate the Google Maps API.

After the API key has been authenticated, I think the cookie approach should do the trick. Thanks!

0
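The flow discussed in this thread (check the API key against the partner domain when the iframe is loaded, then authorize the AJAX calls with a cookie) can be sketched as follows. This is an added example, not code from the question or the answers; `PARTNERS`, `issueToken`, `verifyToken` and the key and domain values are hypothetical, constructed for illustration.

```javascript
// Added example (Node.js). All names and sample values here are constructed.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);                 // server-side signing key, never sent to clients
const PARTNERS = { 'key-abc123': 'partner.example' };  // constructed API key -> registered domain

const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('hex');

// Step 1: runs when the iframe document is requested. That request is a normal
// navigation, so the browser usually sends a Referer naming the embedding page.
function issueToken(apiKey, referer, now = Date.now(), ttlMs = 10 * 60 * 1000) {
  if (!Object.hasOwn(PARTNERS, apiKey) || !referer) return null;
  let host;
  try { host = new URL(referer).hostname; } catch { return null; }
  if (host !== PARTNERS[apiKey]) return null;          // exact host match only
  const payload = `${apiKey}.${now + ttlMs}`;          // key id + expiry timestamp
  return `${payload}.${sign(payload)}`;                // set this value as the cookie
}

// Step 2: runs on every AJAX data request, using the cookie value from step 1.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return false;
  const idx = token.lastIndexOf('.');
  if (idx < 0) return false;
  const payload = token.slice(0, idx);
  const mac = Buffer.from(token.slice(idx + 1));
  const expected = Buffer.from(sign(payload));
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) return false;
  const [apiKey, expires] = payload.split('.');
  return Object.hasOwn(PARTNERS, apiKey) && Number(expires) > now;
}
```

Because the Referer header is supplied by the client, the check in step 1 only constrains ordinary browser embedding; the short expiry limits how long a copied cookie value stays usable.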

Source: https://habr.com/ru/post/1702276/