Not too clear on how to authorize PHP AJAX calls with session_id or against any $_SESSION variables actually.
Should it be stored in the database upon login and referenced against a $_SESSION storage on each AJAX call?
I know these subjects have probably been discussed ad infinitum, but I can't seem to find a clear answer.
Thanks in advance!
Revelation
Wow, so authorization is limited to whether or not there's a session? Scary. Makes me wonder if that's all that .net's web.config's deny="?" is doing. Thanks all for your help!