[wp-hackers] Ajax calls and cookie within the admin

Austin Matzko if.website at gmail.com
Mon Feb 23 20:32:18 GMT 2009


On Mon, Feb 23, 2009 at 1:06 PM, L'Autre Monde <autremonde75 at gmail.com> wrote:
> One way to secure the call is to use the check_ajax_referer with nonce which work pretty fine. Now I would like to understand how to handle the cookie sent out to the server through Ajax. I have made some researches but I cannot find out any details on the cookie handling for ajax calls.

If the cookies are set in the browser (which they should be, since
this is "within the admin", so the user must be logged in), then your
browser sends the cookie data in the header of the Ajax request:
there's no need for you to encode the cookie data directly as you do
in your example.


More information about the wp-hackers mailing list