It seems that Google does this somehow (e.g. in Maps) but couldn't find any good pointers on how they do it.
you can pass a unique token to the client on the html part, and check for the token for a match on ajax requests.
i would pass the token to the page in a <script> block as a var (instead of a hidden input) to prevent backenders from being able to easily scrape the token.
I don't quite follow here, what good would that do? I could just take that token to another website?
Originally Posted by rnd me
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)