Is it safe to use ajax for login?

Question

Am about to include a log in system to my web Site but i don\'t think it\'s a good idea for security to use ajax to send a and receive confirmation from an external php scri

Answer 1

Login through ajax POST should be safe as long as you have a way of preventing the XSRF attacks. It can be done by setting X-CSRFToken header in your ajax request. On the server side you should have some sort of middleware to check and verify your CSRF Token from header.

You can set the csrf token in the cookie and then query it and set it in the header:

var csrftoken = $.cookie('csrftoken');

xhr.setRequestHeader("X-CSRFToken", csrftoken);

(I have used jquery cookie library here to illusrtate )