Using Ajax and jQuery to login a user through a PHP-script, is it secure?

Question

Hi there, quick question, is it secure to use the jQuery.post function in jQuery to pass a users login information to a PHP script? Im thinking about using a piece of code like this:

 $("#login_form").submit(function() {
  var unameval = $("#username").val();
  var pwordval = $("#password").val();
  $.post("backend.php", { username: unameval, password: pwordval }, 
                function(data) {
   $("#status p").html(data);
  });
  return false;
 });

I'm just wondering if this just as secure as creating a standard login form that requests a new page upon submit.

Answer 1

I don't see any difference on a packet-sniffing level. You can use SSL to improve things a bit, but otherwise it's all about how you plan on setting that login cookie. A request is a request is a request.

Answer 2

jQuery doesn't make this system less secure. You do have to worry about the same types of attacks that affect other login systems. So I would recommend using SSL as well as a CSRF token. If you don't include a CSRF token then an attacker can use other people browsers to brute force your login portal, nasty stuff.