Re: tokenize remove call

I've thinked (inside the view):
1) grab the server's date/time
2) md5 it and save in $token
3) store $token in a session variable

send the token to remove function through "with" parameter of ajax
call:
echo $ajax->link('Remove', array(
'controller' => 'collections',
'action' => 'remove',
$id
),
array(
'update' => 'ajaxContent',
'with' => '{
token: "'.$token.'"
}'
)
);

CONTROLLER:
Then inside remove() function:
1) Grab the token passed through "with"
2) Grab the token store in session variable
3) if two tokens are equals perform real action
4) remove token stored in session

On 9 Set, 15:00, "Mariano C." <mariano.calan...@gmail.com> wrote:
> I try to explain better. I have a remove link inside my view,
> something like:
>
> h_ttp://myweb.com/collections/remove/12
>
> This will remove element with id 12, and it works perfectly. If a user
> call this element coping and pasting it inside a browser URL field
> this works too, but I want that this call happen ONLY if action is
> fired by a link clicking.
>
> How can I do?

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en