0

I'm developing a mobile application that requires users to login, and then they can use the application. The application will submit data to the server upon submission. Here's my question: if I want the application to be available to users even when there is no internet connection, I will allow them to bypass the login screen and use the application without logging in. However, once an internet connection is available, and the application knows that, and tries to submit the information to the server (through jQuery AJAX), how do I validate the request? It seems like if someone really wanted to, they could set up their own web page and submit their own [fictitious] data to my server using the same AJAX URL and data format that my application is using. What would stop them? How do I ensure on my server side (receiving end of the AJAX request) that the only data coming in belongs to my application, and not someone who is simply mimicking my AJAX requests?

The only thing I can think of is when the application detects that the internet connection is back, immediately show the user the login screen, and then use an expiring cookie/ticket to validate the AJAX requests.

Any advice? Thanks!

Improve this question
3
  • What kind of server are you running? Commented Oct 25, 2012 at 21:09
  • IIS. I'm making the app available offline using a standard manifest file. Commented Oct 25, 2012 at 21:13
  • stackoverflow.com/questions/11542910/… Commented Oct 25, 2012 at 23:17
Related questions
2
Using Authentication with Ajax.Request
7
jQuery HTTP authentication
467
Use basic authentication with jQuery and Ajax
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.