Comments on Web Scents: More security added for your BackboneJS apps
Blog author: Sham Kamarul

Comment by Sham Kamarul, 2014-02-12 09:53 (+08:00):

If your application often makes use of AJAX, then you should consider placing the token in the request header. It can help you to avoid other sites abusing your site.

If you have any other thought, perhaps you can share it here.

Thanks for your thoughts.

Comment by EvT, 2014-01-29 22:22 (+08:00):

Hi, thanks for showing this enhancement, just what I was looking for.

The synchronizer token should be inaccessible to other sites, that's why it should be in a cookie.
You put it in the $_SESSION in your PHP login script, and thus in a cookie.

However, you also send it in JSON to the browser in the user array. Should it not ONLY be sent in the cookie?