我有一个使用会话cookie的安全网站。它工作正常和所有的，但任何Ajax请求，现在不是安全的。例如之中可以说用户是一个页面上。他们只能得到这个页面，如果他们被记录在一个会话 - 到目前为止好。但现在他们要求的Ajax请求

i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is

ajaxpages/somepage.php?somevar=something&anothervar=something

如果其他用户决定只要到该链接本身（没有一个会话），他们仍将获得是为那些登录的用户的同一个AJAX输出。

if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people.

如此明显即时通讯将不得不当我发送一个Ajax请求整个传递会话数据。任何人有这样做的最好方法什么建议吗？以前我从来没有这样做，宁愿使用受信任的方法而不是弥补我自己的。

so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

推荐答案

Ajax请求的工作就像任何其他的要求，你的网站，应返回相同的会话cookie的非Ajax请求。这指出了这个问题。如果你没有得到的会话cookie，也许别的东西是错误的。

The ajax requests work just like any other request to your website and should return the same session cookies as the non-ajax request. This is pointed out in this question. If you aren't getting the session cookie, perhaps something else is wrong.