
How to make sure that an AJAX request comes from the current user?


mihai11
08-15-2007, 01:37 PM
Hi,

I plan to implement my own voting mechanism using AJAX and I have a problem: how do I make sure that the current vote is coming from the current user?

If I use code like this:

My_AJAX_Object.send('press-operations.php', 'action=vote&user_id=$user_id');

... a hacker could call this URL with a different user_id, effectively being able to vote in any user's name!

Any solutions to this?


Regards,
Razvan M.

Paul M
08-15-2007, 06:10 PM
An AJAX request is still a standard HTTP request and cookies are still passed, so you can use the sessionid to check the userid against the one in the session table.
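Applying this to the handler named in the question, as an added example that is neither the original poster's code nor vBulletin's: the voter's id is read from the server-side session instead of the user_id parameter, and because the browser also attaches the session cookie to requests that another site triggers, a per-session token is checked as well. The file name press-operations.php comes from the thread; the $_SESSION keys, the target_id parameter and record_vote() are assumptions.

```php
<?php
// press-operations.php (added example, not the thread's or vBulletin's code).
// Assumes login already stored the authenticated user id in $_SESSION['userid'];
// record_vote() stands in for the real storage code.

session_start();

// Vulnerable version from the question: the voter is whoever the client claims.
function cast_vote_insecure(array $params): void {
    $voter = (int)$params['user_id'];          // attacker-controlled value
    record_vote($voter, (int)$params['target_id']);
}

// Called when the page containing the vote button is rendered; the token is
// embedded in that page and sent back with the AJAX request.
function issue_vote_token(): string {
    if (empty($_SESSION['vote_token'])) {
        $_SESSION['vote_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['vote_token'];
}

// Hardened version: identity comes from the session, never from the request.
function cast_vote(array $params): array {
    if (empty($_SESSION['userid'])) {
        return ['ok' => false, 'error' => 'not logged in'];
    }
    // Cookies are sent automatically, so a session alone does not prove the
    // request came from this site's own page; the token does (CSRF check).
    $token = $params['token'] ?? '';
    if (!hash_equals($_SESSION['vote_token'] ?? '', $token)) {
        return ['ok' => false, 'error' => 'bad token'];
    }
    $target = filter_var($params['target_id'] ?? null, FILTER_VALIDATE_INT);
    if ($target === false) {
        return ['ok' => false, 'error' => 'bad target'];
    }
    record_vote((int)$_SESSION['userid'], (int)$target);
    return ['ok' => true];
}

function record_vote(int $voter, int $target): void {
    // Placeholder: store (voter, target) with a UNIQUE(voter, target)
    // constraint so one logged-in user cannot vote twice on the same target.
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'vote') {
    header('Content-Type: application/json');
    echo json_encode(cast_vote($_POST));
}
```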

mihai11
08-15-2007, 06:40 PM
An AJAX request is still a standard HTTP request and cookies are still passed, so you can use the sessionid to check the userid against the one in the session table.

I understand: it is not complicated. Thank you.