Hi,
For critical apps I use HTTPS.
In every AJAX call I just include the session ID for that user (session ID
assigned when login succeeds) and I maintain a list of valid session IDs
server side. So before processing any request I check if the session ID is in
the list. Session ID is removed from list in c

Hi
I am wondering about best practices for Internet Application security.
I am assuming that the login process should be done using HTTPS so that
the user name and password are not sent in plain text. However, how
should AJAX calls be handled? I do not want just anyone accessing data
via ajax
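
The check described in the first reply (a server-side list of valid session IDs consulted before each AJAX request is processed), as an added example that is not code from either poster. The class and function names, the 15-minute idle timeout, and the removal rules (logout and idle expiry) are assumptions made for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, not from the thread


class SessionRegistry:
    """Server-side list of valid session IDs, checked before every AJAX request."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # sha256(session ID) -> (user, last-seen time)

    @staticmethod
    def _key(session_id):
        # Store only a digest so a dump of the registry does not yield usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def login(self, user):
        """Call only after the credential check succeeded over HTTPS."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = (user, self._clock())
        return session_id

    def validate(self, session_id):
        """Return the user for a live session ID, else None."""
        if not isinstance(session_id, str) or not session_id:
            return None
        key = self._key(session_id)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > IDLE_TIMEOUT:
            del self._sessions[key]  # expired: remove from the valid list
            return None
        self._sessions[key] = (user, self._clock())  # refresh idle timer
        return user

    def logout(self, session_id):
        if isinstance(session_id, str):
            self._sessions.pop(self._key(session_id), None)


def handle_ajax(registry, session_id, action):
    """Constructed handler: every AJAX request passes the registry check first."""
    user = registry.validate(session_id)
    if user is None:
        return 401, "invalid or expired session"
    return 200, f"{action} done for {user}"
```

The session ID only stays secret if every AJAX call, not just the login, goes over HTTPS.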