Topic: Multiple AJAX calls

Hello,

I am writing a little tool using Xajax to basically run a series of tests, while at the same time providing the user with "real-time" feedback of the test results. The user presses a "Go" button which makes the first AJAX call. That AJAX call then calls the next and so on, each time adding more information in the html div tag.

My question is related to security. It is important that the tests are run in sequence so I need a way to verify that the previous test was completed successfully. I am concerned that somehow Test#3 could be run before Test#1 given the user figures out how to make the correct AJAX call by some other means.

Is there some sort of standard way of ensuring Test#3 is not run before Test#1?

Worst case I can use a local file on the server and track the test progress but I want to avoid that if I can.

Thank you for any advice/help.

Re: Multiple AJAX calls

Hi,

The order in which xajax calls are serviced has always been a bit of a mystery to me...

You can run the functions synchronously to insure their completion and order.


Ed

If you ever stop learning you may as well dig a hole, crawl in and pull the top over yourself.

3 (edited by timhoeppner 2010-12-23 6:59:51 AM)

Re: Multiple AJAX calls

Hey Ed,

Thank you for your response.

I am calling the successive AJAX calls in a "synchronous" fashion using the xajaxResponse::call() method. Forgive my limited knowledge of AJAX but I'm concerned that somehow the user can make an AJAX call that I have not made directly available to them.

For instance I have...

$AJAX_start = $xajax->register(XAJAX_FUNCTION, "AJAX_backupDatabase");
$xajax->register(XAJAX_FUNCTION, "AJAX_validateRootConfig");
$xajax->register(XAJAX_FUNCTION, "AJAX_validateDbConfig");
.... and so on ....

The only function I have made available to the user is the AJAX_backupDatabase using a HTML button. The AJAX_backupDatabase then continues the chain by using the xajaxResponse::call() to call the next function and so on.

How can I ensure AJAX_validateDbConfig cannot be called by the user directly and only by the successive chain of events? Or do I have nothing to be concerned about?

Re: Multiple AJAX calls

I don't think you have anything to worry about. The user cannot call any function that you have not made available.

By synchronous, I ment that the call from the client is synchronous. The server side register call is like this:

$xajax->register(XAJAX_FUNCTION,'my_function',array('mode' => "'synchronous'"); //From the online documentation...

Thus you could register all of your functions using the synchronous mode and call them sequentially from the browser using the result of the previous call.

Javascript:

...
xajax_func1();
xajax_func2();
xajax_func3();
...

Each function must complete before the next is called.

Ed

If you ever stop learning you may as well dig a hole, crawl in and pull the top over yourself.

Re: Multiple AJAX calls

That sounds interesting, it may be exactly what I'm looking for.

Thanks Ed.