Detecting Ajax in PHP and making sure request was from my own website

Let you Controller

  • generate access token
  • store in session for later comparison

In your View

  • declare the access token as JS variable
  • send the token with each request

Back in your Controller

  • validate token

Check these security guidelines from OpenAjax.
Also, read the article on Annie linked.

Leave a Comment