Reply To: Ajax Nonce

[fooman]

The reason I said no-Wordpress is because if you Google “Ajax nonce” or something similar, you get mostly WordPress answers. Answers based on WordPress-specific functions and plugs.

I thought that a nonce is a ‘number used once’. So when a submission is NOT successfull, you’d generate a new one otherwise an attacker could continue to try to submit the form with the same token in place. No?

I’ve never ran across a tutorial or technique that has a specific expiration of a nonce. Do you have a working example that does this? Most examples I’ve seen utilize sessions with no specific expiration.

Thx for the reply!