Securing AJAX pages

Posted on 2007-07-25
Last Modified: 2012-06-02

Is it possible to secure my ajax pages?  Ajax normally needs 2 pages, the front-end page which displays the results returned, and the backend page which generates the results.  How do I stop people from accessing the backend pages?

for example, right now people can do something like


and it will show them everything based on the querystring.

how can i stop them from doing that?
Question by:narmi2
    LVL 24

    Accepted Solution

    I have found that the easiest way to accomplish this is to generate a secure key for each browser session. Each time a user opens a new session, your initial backend scipt should create a key and send it along with the HTML/Javascript. Your Ajax functions should send this key to the backend with each request. You only respond to the request if A) the key is present, and B) it matches the key that you generated initially.

    You can also store browser or IP information when you generate the key, and use these to make sure that someone hasn't hijacked as session in progress.

    Finally, make sure the keys expire in a reasonable amount of time, so that brute-forcing will be less likely to succeed.
    LVL 24

    Expert Comment

    Also take a look at SAJA (, which focuses on Ajax security.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    Part of the Global Positioning System A geocode ( is the major subset of a GPS coordinate (, the other parts being the altitude and t…
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    The viewer will learn how to count occurrences of each item in an array.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now