Hi all,
We are implementing ajaxified comments on our page, but we are concerned about whether Elgg handles the session token when we submit the form. Although we insert the tokens into the AJAX URL, do we have to handle the tokens on the backend side, or does Elgg 1.8.8 already take care of them?
- Matt Beckett@Beck24

If you're using the Elgg ajax function, elgg.action(), it's all taken care of for you.
- TrungHuynh@trunghuynh

Hi Matt,
I saw this code snippet in the lib:

    // This is a misuse of elgg.security.addToken() because it is not always a
    // full query string with a ?. As such we need a special check for the tokens.
    if (!elgg.isString(options.data) || options.data.indexOf('__elgg_ts') == -1) {
        options.data = elgg.security.addToken(options.data);
    }

That means elgg.action will add the token for us. But my concern is the server side: do we need to take care of the token there, or will Elgg handle it for us?
- Matt Beckett@Beck24

If you're using the action pagehandler, it'll be checked.
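
How the two halves discussed in this thread fit together, as an added example that is not part of the original posts and is not Elgg's own code: the client appends __elgg_ts and __elgg_token unless the data already carries them, and the server rejects the request before any action code runs. SECRET, MAX_AGE, sign(), addToken() and checkAction() are hypothetical names, and the HMAC construction and one-hour lifetime are assumptions.

```javascript
// Added illustration, not Elgg source. Only the parameter names
// __elgg_ts and __elgg_token are taken from Elgg; the rest is hypothetical.
const crypto = require('crypto');

const SECRET = 'constructed-site-secret'; // constructed sample value
const MAX_AGE = 3600;                     // assumed token lifetime, in seconds

// Token bound to both the timestamp and the user's session.
function sign(ts, sessionId) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${ts}.${sessionId}`).digest('hex');
}

// Client side: append the tokens unless the data already has them.
// Data may be an object, or a string that is not a full "?query" string.
function addToken(data, ts, token) {
  if (typeof data === 'string') {
    if (data.indexOf('__elgg_ts') !== -1) return data;
    const pair = `__elgg_ts=${ts}&__elgg_token=${token}`;
    return data === '' ? pair : `${data}&${pair}`;
  }
  return Object.assign({}, data, { __elgg_ts: ts, __elgg_token: token });
}

// Server side: decide whether the request may reach the action code.
function checkAction(params, sessionId, now) {
  const ts = Number(params.get('__elgg_ts'));
  const token = params.get('__elgg_token') || '';
  if (!Number.isInteger(ts) || ts <= 0) return 'missing';
  // Outside the validity window (too old, or dated in the future).
  if (ts > now || now - ts > MAX_AGE) return 'expired';
  const expected = Buffer.from(sign(ts, sessionId));
  const given = Buffer.from(token);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return 'mismatch';
  return 'ok';
}
```

A request sent to a custom endpoint that skips this kind of gate gets no token validation, which is why the thread's answer is conditional on going through the action handler.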