[wp-hackers] Ajax calls and cookie within the admin
L'Autre Monde
autremonde75 at gmail.com
Mon Feb 23 20:36:26 GMT 2009
Ok but then, what do I need to perform to secure my ajax handler on the
server side? Is there a method to check the cookie validity? Is the nonce
verification enough?
----- Original Message -----
From: "Austin Matzko" <if.website at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Monday, February 23, 2009 9:32 PM
Subject: Re: [wp-hackers] Ajax calls and cookie within the admin
On Mon, Feb 23, 2009 at 1:06 PM, L'Autre Monde <autremonde75 at gmail.com>
wrote:
> One way to secure the call is to use check_ajax_referer with a nonce,
> which works pretty well. Now I would like to understand how to handle the
> cookie sent to the server through Ajax. I have done some research
> but I cannot find any details on cookie handling for Ajax calls.
If the cookies are set in the browser (which they should be, since
this is "within the admin", so the user must be logged in), then your
browser sends the cookie data in the header of the Ajax request:
there's no need for you to encode the cookie data directly as you do
in your example.
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
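The server-side checks asked about in this thread, as an added example that is not code from either poster or from WordPress core. It assumes a plugin with a hypothetical `example_save_note` action, an `example-admin.js` script and a `note` POST field. Cookie validation is left to core, the nonce covers request forgery, and a capability check covers authorization, which a nonce alone does not provide.

```php
<?php
// Added example. Everything named "example_*" / "EXAMPLE_*" is hypothetical.
const EXAMPLE_NONCE_ACTION = 'example_save_note';

// Admin page: give the script the endpoint URL and a nonce tied to the
// current user and to this one action. Cookies are not passed explicitly;
// the browser attaches them to the same-origin Ajax request by itself.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-admin', plugins_url( 'example-admin.js', __FILE__ ),
        array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( EXAMPLE_NONCE_ACTION ),
    ) );
} );

// Only "wp_ajax_{action}" is registered, with no "wp_ajax_nopriv_{action}"
// twin. admin-ajax.php fires this hook only after core has validated the
// auth cookie, so logged-out requests never reach the handler.
add_action( 'wp_ajax_example_save_note', 'example_save_note_handler' );

function example_save_note_handler() {
    // 1. Request forgery: the nonce must match this action and this user.
    //    Third argument false = return false instead of dying, so the
    //    handler can send a structured error.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
    }

    // 2. Authorization: being logged in and holding a nonce does not mean
    //    the user may perform this operation.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input: never trust the payload even from an authenticated user.
    $note = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) )
        : '';
    if ( '' === $note ) {
        wp_send_json_error( array( 'message' => 'Empty note.' ), 400 );
    }

    update_user_meta( get_current_user_id(), 'example_note', $note );
    wp_send_json_success( array( 'saved' => true ) ); // sends JSON and exits
}
```

On the client, the script posts `action=example_save_note`, `nonce=exampleAjax.nonce` and `note=...` to `exampleAjax.url`.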