I am working on a web mobile application using AJAX. The application has 4 pages: one account page and 3 secure pages that are displayed only to registered users.
I plan to use the application template with one page, so all 4 pages will be loaded immediately, each of which will be inside its own DIV identifier, and initially only the login name will be visible.
As soon as the user enters his user / pass, I create XMLHttpRequest and communicate with the internal PHP script, which, in turn, uses the prepared instructions to check whether the user / password exists in the database and returns true or false to XMLHttpRequest.
If the result is correct, I will make the protected DIV visible and load the necessary data from the server by creating another XMLHttpRequest and going through another PHP script to interact with the database. This step is repeated when the user moves between other secure pages. I also plan to implement cookies so that users log in again using the XMLHttpRequest / internal PHP script.
Below is an image describing the process.
Questions
- Does this structure look normal? Are there any problems that may arise that I do not foresee?
- Is the structure safe? Are there any ways I can harden it further?

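An added example, not part of the original question: a sketch of the two PHP scripts the flow describes, written as functions so that the data script decides from server-side session state rather than from which DIV the browser is showing. The `users` and `notes` tables, their columns, the function names and the sample account are assumptions made for illustration, and `$session` stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code; table and column names are assumptions.

// Constructed sample database so the example runs offline (needs pdo_sqlite).
function sample_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
    $db->exec('CREATE TABLE notes (user_id INTEGER, body TEXT)');
    $ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT)]);
    $db->exec("INSERT INTO notes VALUES (1, 'secure page data')");
    return $db;
}

// Login script: look the user up with a prepared statement and compare the
// submitted password against a stored hash. Returns the user id, or null.
function check_login(PDO $db, string $name, string $pass): ?int {
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return (int)$row['id'];
}

// Data script: every request is checked against the session on the server;
// the hidden DIVs in the page are presentation only.
function secure_page_data(PDO $db, array $session): array {
    if (!isset($session['user_id'])) {
        return ['status' => 401, 'body' => null];
    }
    $st = $db->prepare('SELECT body FROM notes WHERE user_id = ?');
    $st->execute([$session['user_id']]);
    return ['status' => 200, 'body' => $st->fetchAll(PDO::FETCH_COLUMN)];
}

$db = sample_db();
$session = [];  // stands in for $_SESSION after session_start()
echo json_encode(secure_page_data($db, $session)), "\n";  // request before login
$uid = check_login($db, 'alice', 'constructed-password');
if ($uid !== null) {
    // In a real login script, call session_regenerate_id(true) at this point.
    $session['user_id'] = $uid;
}
echo json_encode(secure_page_data($db, $session)), "\n";  // request after login
```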