是否可以安全使用AJAX进行登录？ [英] Is it safe to use ajax for login?

问题描述

我即将包括登录服务系统到我的网站，但我不认为这是一个好主意，为安全使用Ajax来发送和从外部称为PHP脚本的login.php收到确认 和注销相同的方式与另一logout.php 任何建议

Am about to include a log in system to my web Site but i don't think it's a good idea for security to use ajax to send a and receive confirmation from an external php script called login.php and log-out the same way with another logout.php any recommendation

推荐答案

我想不出在使用Ajax来处理登录和注销的任何安全隐患。不要紧，你来回发送（只要你不从服务器发送明文密码的客户端）阿贾克斯之间和服务器端层，因为会议将是一个将举行授权状态。

I can't think of any security implications on using Ajax to handle login and logout. It doesn't matter what you send back and forth (as long as you don't send plain text passwords from server to client) between the ajax and sever side layer, because the session will be the one which will hold the authorization state.

不过，你仍然要刷新页面，或重定向到显示相应的内容，以刚刚授权用户。所以，我不认为阿贾克斯将是在这种特殊情况下有效。

However, you would still have to refresh the page, or redirect to show the appropriate content to the just authorized user. So, I don't think Ajax is going to be effective at this particular situation.

这篇关于是否可以安全使用AJAX进行登录？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！