Securing GET call

I have a file, caller.php, which takes a GET URI that specifies a value to search the database for. The data is then returned in JSON format using php.

I want to protect caller.php so that it is only accessible from another page, get.php, using an AJAX call.

What is the best 开发者_JS百科way to go about this?

I want to protect caller.php so that it is only accessible from another page, get.php, using an AJAX call.

You can't. An AJAX call can be easily faked, as can its origin.

There is no reliable way for you on server side to tell whether a call is an Ajax one or not, nor where it came from.

You need to secure your Ajax resource the same way you would secure a normal page - e.g. through an authorization system like a user login, etcetera.

Without such an authorization system in place, you have to assume that everyone can access the URL.

You could check the session to see if the call is authorized or not. AJAX requests will send you the PHP session cookie. This assumes that caller.php is secured by some kind of user login system that uses sessions