AJAX
cannabioid1337, 2021-03-08 09:09:37

Explain the security of AJAX?

I recently started learning AJAX and JS, and I don't understand the security of this code:

$.ajax({
    type: "POST",
    url: 'login.php',
    // the user id from the PHP session is written into the page source here
    data: { UserId: <?php echo $_SESSION['userId'] ?> },
    success: function(response) {
        // handle response
    }
});


In theory, when the page loads, the userId value from PHP will be inserted, and it can be changed through the element code, or am I mistaken?


3 answer(s)
Sergey Sokolov, 2021-03-08
@sergiks

Everything that leaves the client is faked;
Everything that comes to the server must be checked.
Look at the JSON Web Token (JWT, pronounced "jot"): it is a set of information that is signed and encrypted with a secret key. Your server could send a JWT to the script containing user_id, signed with a private key known only to the server. Then on the server you can check that the original token comes back from the AJAX call and verify its authenticity.

Alexander, 2017-12-23
@NeiroNx

Everything is wrong there, starting from a lexical error in the name of the array length property and ending with the listener function. Everything needs to be rewritten from scratch.

Denis, 2017-12-24
@Deonisius

First, find the differences:
1. delMessage and dellMessage
2. lenght and length
3. Operators > and <
Second, the variable i must be defined anew in this case, using the keyword let. Once you have sorted that out, it turns out that all your blocks will immediately disappear, because you are calling the function in the loop instead of passing it as an argument, like a callback function. That is, you only need to pass the function name, delMessage, and not call it as delMessage(). And let's move on to the last point: how to pass arguments. Using the bind() method.
As a result, we get something like this code:

let closeIco = document.getElementsByClassName('clossing');
for (let i = 0; i < closeIco.length; i++) {
    // pass the function itself, with the index bound as its argument
    closeIco[i].addEventListener('click', delMessage.bind(this, i));
}

function delMessage(itemNum) {
    const messages = document.getElementsByClassName('message');
    messages[itemNum].style.display = 'none';
}
As for the last point, we can do it simply: call the function we need inside the callback function of the event handler.
closeIco[i].addEventListener('click', () => {
    delMessage(i);
});
