JavaScript: AJAX Tips
AJAX makes web pages more dynamic: a page can be updated or changed without actually reloading it. To get the most out of it, keep a few important points in mind. First, since AJAX is JavaScript, it is prone to security flaws because it is executed on the client side, so its security is not assured. Second, although the "X" in AJAX stands for XML, you do not always have to use XML to pass data between the client and the server. Finally, since AJAX offers "no-refresh" dynamic page updates, if the user accidentally presses the browser’s Refresh or Back button, the user’s current page may be lost. Anyway, here are my AJAX tips:
- Use JSON instead of XML - JSON is more lightweight than XML, so it is transferred faster, and it is as efficient as XML. However, if used with PHP’s "json_decode()" to translate JSON into objects or arrays, it may not support characters other than UTF-8. To solve this problem, you can use a JavaScript base64encode() on each value in the JSON string, then later use PHP’s base64_decode() to decode the characters.
- Include a dynamic sha1() encoded session parameter for every AJAX request - Always use $_SESSION[] to store the dynamic session parameter and compare the values on every AJAX request. This ensures that the request is authentic. If it is not authentic, you can cancel the request, since it is already considered invalid.
- Use sessions for every dynamic web page update - Every time the page is updated, use sessions to track how far the user has gotten, so that if the user accidentally presses the Refresh or Back button, he can still continue working on the web page without starting from the very beginning.
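
The per-request token check from the second tip, as an added example that is not code from the original post. It is written for Node.js rather than PHP; the `session` object stands in for `$_SESSION[]`, and the function names, the `{ token, data }` request shape and the rotate-after-each-request reading of "dynamic" are assumptions.

```javascript
const crypto = require('node:crypto');

// Issue a fresh token and keep it in the session.
// `session` is a plain object standing in for PHP's $_SESSION (assumption).
function issueToken(session) {
  const secret = crypto.randomBytes(32); // unpredictable input for the hash
  // sha1() as in the tip; the unpredictability comes from the random input.
  const token = crypto.createHash('sha1').update(secret).digest('hex');
  session.ajaxToken = token;
  return token; // sent to the page so its AJAX calls can echo it back
}

// Compare the token sent with a request against the one in the session.
function isAuthentic(session, sentToken) {
  const stored = session.ajaxToken;
  if (typeof stored !== 'string' || typeof sentToken !== 'string') return false;
  const a = Buffer.from(stored, 'utf8');
  const b = Buffer.from(sentToken, 'utf8');
  // timingSafeEqual throws on unequal lengths, so check length first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Handle one AJAX request (hypothetical shape: { token, data }).
function handleAjax(session, request) {
  if (!isAuthentic(session, request.token)) {
    return { status: 403, body: { error: 'invalid token' } }; // cancel request
  }
  // Assumption: "dynamic" means the token changes after each valid request,
  // so a captured token cannot be replayed.
  const nextToken = issueToken(session);
  return { status: 200, body: { ok: true, nextToken } };
}

// Constructed run: valid request, replay of the old token, missing token.
function demo() {
  const session = {};
  const first = issueToken(session);
  return [
    handleAjax(session, { token: first }).status,
    handleAjax(session, { token: first }).status,
    handleAjax(session, {}).status,
  ];
}
```

Because the token rotates on every valid request, a page that fires several AJAX calls in parallel has to queue them or read `nextToken` from each response before sending the next one.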

