php - Securing REST API using HTTP_X_REQUESTED_WITH and SESSION IDS
I'm building an API for my website and want the API to be accessible from my own website. The way I've built it is to call a PHP file using AJAX:
    <?php session_start(); ?>
    <script>
    $.ajax({
        type: "POST", // must match the $_POST lookup in secureapi.php
        dataType: "json",
        url: "secureapi.php",
        // send the PHPSESSID cookie value as "test", plus the user id
        data: "test=" + document.cookie.substring(document.cookie.lastIndexOf('PHPSESSID')).replace(/PHPSESSID=/gi, '') + "&userid=123",
        success: function (response) {
            console.log(response);
        }
    });
    </script>
In the PHP file I check if it's called by XMLHttpRequest and that the session_id is correct:
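    <?php
    session_start();
    // Proceed only if the request claims to be an XMLHttpRequest
    // and the posted "test" value equals the current session ID
    if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') == 'xmlhttprequest' && ($_POST['test'] ?? '') == session_id()) {
        // query database and return JSON
    }
    ?>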
Is this secure enough, or can the session_id be sent with cURL or something?
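
An added example, not part of the original question: the check above written as a pure function, next to a stricter one that decides from server-side session state instead of values the client sends. The names weak_check() and strict_check(), the X-CSRF-Token header and the $_SESSION keys user_id and csrf are assumptions made for illustration.

```php
<?php
// Added example; all function names, header names and session keys are hypothetical.

// The question's check: both inputs (a request header and a POST field)
// are chosen by whoever sends the request.
function weak_check(array $server, array $post, string $sessionId): bool
{
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest'
        && ($post['test'] ?? '') === $sessionId;
}

// Stricter check: the session (found by PHP from the cookie, which can then be
// HttpOnly) must belong to a logged-in user, and the request must carry the
// per-session token the server issued at login, compared in constant time.
function strict_check(array $server, array $session): bool
{
    $sent = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    return isset($session['user_id'], $session['csrf'])
        && is_string($sent)
        && hash_equals($session['csrf'], $sent);
}

// Constructed sample 1: a non-browser client with its own anonymous session.
// It knows its own session ID and sets the header by hand.
$sid     = 'constructed-session-id';
$server  = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$post    = ['test' => $sid];
$session = []; // nobody logged in, no token issued

echo 'weak, anonymous client:   ';
var_dump(weak_check($server, $post, $sid));
echo 'strict, anonymous client: ';
var_dump(strict_check($server, $session));

// Constructed sample 2: a logged-in session whose page received the token.
$session = ['user_id' => 123, 'csrf' => bin2hex(random_bytes(32))];
$server['HTTP_X_CSRF_TOKEN'] = $session['csrf'];

echo 'strict, logged-in client: ';
var_dump(strict_check($server, $session));
```

With the stricter check the user id is read from $_SESSION['user_id'] on the server, not from a userid request parameter.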