Ajax Request Query String

I'm using Java Scripts for send Ajax requests. Please look at the following code fragment:

var url="/ajaxr.do";
url=url+"?username"+username;
url=url+"&password="+password;
url=url+"&sid="+Math.random();
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);

In the above example, I'm sending a password as a Http GET request. Now I have two questions.

1. Sending a password as a GET request, is not good for security. So, how can I send it as a POST request?

2. If the password contains some special symbols (eg: ? % & #), then the request will be failed with the query string! How can I solve this?

Please kindly provide an answer for this.

Thanks,
Treimin.

Whoa! I got it my self.

I modified the code as following:

var url="/ajaxr.do";
url=url+"?username"+username;
url=url+"&password="+password;
url=url+"&sid="+Math.random();
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.open("POST",encodeURI(url),true);
xmlHttp.send(null);

You are still sending the values as a query string. Look at the call with a proxy.

http://www.openjs.com/articles/ajax_xmlhttp_using_post.php

Eric

Hi Eric,

Thank for your kind response.

I read that site, but I didn't find any clear difference between my program and their program.

Can you explain me please?

You are still appending the username and password to the url

You are not sending any post parameters:

Look at the article again, very closely.

Eric

Wow Eric, I got it

Thanks a million!

Thank you so much, you are great .
[ December 05, 2008: Message edited by: Treimin Clark ]

Hi Eric,

Today I got a problem with this. I used the POST method with Ajax as you explained. It works correctly on both IE and Fire Fox.

How ever, it is not work successfully on Google Chrome. Chrome doesn't send the Ajax request to the server, when I used it as you said:

But if I send the same post request with a query string (as I mentioned in my previous post), it works!

How can this be?

Can someone tell me, what should I do for this?

Er, avoid Google Chrome until they fix it?

Have you reported this bug to them?
[ December 22, 2008: Message edited by: Bear Bibeault ]

Have you looked at what is being posted to the server? Are you getting headers?

Have you tried to use the debugger? http://www.pascarello.com/lessons/browsers/ChromeDebugHelp.html

Eric

Have you looked at what is being posted to the server? Are you getting headers?

Nothing is posted to the server. Chrome do nothing with that!

So, what should I do? Should I send the parameters as a query string, by appending to the url? (This is working).

Or, should I tell my clients to don't use Chrome?

In addition to that,

When I attempt to send the ajax post request with those headers, the ajax url is displayed on the address bar

But it doesn't do anything!

Post a bug to http://code.google.com/p/chromium/ with the details and some sample code. I looked and did not see an error like yours. Send that bug report to the client and say to not use chrome until they fix the bug.

You can offer them up a less secure way with the GET, but I would do that as a last resort.

Eric