The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Ajax Nonce Reply To: Ajax Nonce


The reason I said no-Wordpress is because if you Google “Ajax nonce” or something similar, you get mostly WordPress answers. Answers based on WordPress-specific functions and plugs.

I thought that a nonce is a ‘number used once’. So when a submission is NOT successfull, you’d generate a new one otherwise an attacker could continue to try to submit the form with the same token in place. No?

I’ve never ran across a tutorial or technique that has a specific expiration of a nonce. Do you have a working example that does this? Most examples I’ve seen utilize sessions with no specific expiration.

Thx for the reply!