How to prevent POST requests from ajax (obtained through firebug)

How would I prevent users from spamming a post request? For example, a form is submitted via Ajax post. Using Firebug I can see the post request, but I noticed that this request can be easily repeated by right-clicking on it and selecting "open in a new tab". How can I prevent something like this?


When a valid user logs in or begins a session, generate a random token string and place it in a hidden form field. Each time a valid post is made by a valid user, generate a random token string and store it in $_SESSION while also returning it to the client browser. When the browser makes another Ajax post request, it must also send that token string, which you compare against the $_SESSION.

That way you can only make an Ajax post if your server has previously sanctioned it. It prevents anyone who simply knows the Ajax handler's URL from sending HTTP requests to it.
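
The rotating-token check described in the answer above, sketched as an Ajax POST handler. This is an added example, not part of the original answer; the field name `token`, the session key `ajax_token` and the JSON response shape are assumptions, and the page that renders the form is assumed to call `issue_token()` once to fill the hidden field.

```php
<?php
declare(strict_types=1);

// Added example: Ajax POST handler with a rotating session token.
// The names "token" and "ajax_token" and the JSON shape are hypothetical.

session_start();
header('Content-Type: application/json');

/** Generate a fresh token, store it in the session and return it. */
function issue_token(): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $_SESSION['ajax_token'] = $token;
    return $token;
}

/** True only if the submitted value matches the token the server last issued. */
function token_is_valid($submitted): bool
{
    $expected = $_SESSION['ajax_token'] ?? null;
    return is_string($expected)
        && is_string($submitted)               // rejects token[]=... arrays
        && hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    echo json_encode(['error' => 'POST required']);
    exit;
}

if (!token_is_valid($_POST['token'] ?? null)) {
    // A replayed request carries a token that has already been rotated away.
    http_response_code(403);
    echo json_encode(['error' => 'invalid or reused token']);
    exit;
}

// ... process the form fields here ...

// Rotate: the token just used is now dead; the client sends the new one next.
echo json_encode(['ok' => true, 'token' => issue_token()]);
```

The token stops a captured request from being replayed as-is; a client that reads each response can still chain requests, so rate limiting remains a separate server-side control.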


Any web form can be posted to in any number of ways. What you need to do is make sure the server-side script that processes the form has the logic needed to "ignore" spammy requests.


You can't reliably. But you can check for the HTTP_X_REQUESTED_WITH header, which is usually sent along with Ajax requests. It can be spoofed though, and can also not be there for genuine Ajax requests.
