Link to home
Start Free TrialLog in
Avatar of Sucao
Sucao

asked on

Best way to make a login for an AJAX, PHP, Javascript site

Hey guys, not sure if this question has been answered before but It's a little broad. I am looking for the best way to make a login for my site. Right now the site is all html pages that connect to javascript pages which run ajax to connect to PHP pages when needed to update the server (when on one of the users writes articles or something). Right now there is no login for the website, but I eventually think it would be good if people could make a profile and have their own little space. I think that this would require some sort of login system which runs from page to page. I don't know much about making a login system based off of sessions or if there is a way to pass session variables from PHP to javascript.

My question is, is switching all of the HTML pages to PHP and then trying to create a SESSION based login system good? Or is there some better system that currently uses AJAX, and PHP like I am using now? Could you also tell me why you think your solution is the best? Which one is easier to implement and faster to load? Also, which one will be more secure?

Thanks guys,
Rick
ASKER CERTIFIED SOLUTION
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Frosty555
Frosty555
Flag of Canada image
You will need to use PHP sessions at one point or another. But you may be able to just set and check the session var in your existing PHP pages (the ones called via ajax). Have those PHP pages deny access if the user isn't logged in, and then have error handlers on the html pages to handle those events.

If you have trouble getting the sessions to register on your pages, you may need to rename all your pages from .html to .php, and register the session in them. But no further code changes should really be necessary.

Don't try to implement the login code in javascript on the client side. It must be the PHP side that decides whether sensitive data makes its way to the client. Once its on the client side, no amount of javascript can really protect it. It's not secure to implement login or access restrictions on the client side.