[wp-hackers] Ajax calls and cookie within the admin

L'Autre Monde autremonde75 at gmail.com
Mon Feb 23 20:36:26 GMT 2009

Ok but then, what do I need to perform to secure my ajax handler on the 
server side? Is there a method to check the cookie validity? Is the nonce 
verification enough?

----- Original Message ----- 
From: "Austin Matzko" <if.website at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Monday, February 23, 2009 9:32 PM
Subject: Re: [wp-hackers] Ajax calls and cookie within the admin

On Mon, Feb 23, 2009 at 1:06 PM, L'Autre Monde <autremonde75 at gmail.com> 
> One way to secure the call is to use the check_ajax_referer with nonce 
> which work pretty fine. Now I would like to understand how to handle the 
> cookie sent out to the server through Ajax. I have made some researches 
> but I cannot find out any details on the cookie handling for ajax calls.

If the cookies are set in the browser (which they should be, since
this is "within the admin", so the user must be logged in), then your
browser sends the cookie data in the header of the Ajax request:
there's no need for you to encode the cookie data directly as you do
in your example.
wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list