Hi,
Instead of sending auth credentials you might want to reuse client's JSESSIONID (cookie) which won't expose people credentials :)
Hope this helps!
Thanks Micky!
I'm sorry, I'm quite new to using sessions (cookies).
Is there an example somewhere i can go off with using cookies to get custom field values?
I really appreciate your help.
Thanks,
Pon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
After a second thought, you should not need authentication if your script is executed in an authenticated context. User and password from current session will be saved.
If you need to authenticate the AJAX with another user's credentials, you can use Basic Auth with AJAX as explained here: https://zinoui.com/blog/ajax-basic-authentication
That's a good way to "hide" credentials. I guess it's far better than generating a cookie and reusing it as you'll need to pass the credentials to generate a cookie anyway :)
Please note that Basic Auth is reversible and I can't imagine any "truely secure" way of authentication through ajax with no credentials displayed.
Hope this helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.