stack_overflow_ajax mobi格式



login implementation in PHP/MySQL/Apache Score: 10 - Gino Sullivan (2011-11-12) [php], [ajax], [iframe], [login] i am building a new site where a user can login. i have 3 options here: 1) classic: and the submit button goes to login.php and validates and redirects if success 2) ajax: same as above but do an ajax call instead and then the javascript redirects 3) iframe: same idea as stackoverflow/openid i am wondering which one is better and more secure? thanks Score: 13* - Robert Van Sant (2011-11-12) well, in my opinion options 1 & 2 should use post, and in your code you should make sure the request is post. you should also add in other session logic against spoofing if you want the application to be super secure, but this is preferential to the developer and the application. i find iframes to be evil and many hackers use iframes to hack unknowing user’s accounts. openid is a trustworthy way to login and is becoming more widely adopted, as well as the facebook version of openid. i know they use the iframe method, but verification is doubled and i believe https is required to implement these type of logins. again all of this is just my opinion and mostly reliant on the developer’s design and business needs/requirements of the application. hope this helps :slight_smile: (4.2 MB)