Prevent direct access to a PHP page

Question

How do I prevent my users from accessing directly pages meant for ajax calls only?

Passing a key during ajax call seems like a solution, whereas access without the k

Answer 1

It sounds like you might be going about things the wrong way. An AJAX call is just like a standard page request, only by convention the response is not intended for display to the user.

It is, however, still a client request, and so you must be happy for the client to be able to see the response. Obfuscating access using a "key" in this way only serves to complicate things.

I'd actually say the "curse" of view source is a small weapon in the fight against security through obscurity.

So what's your reason for wanting to do this?