Set headers to GET/POST request

Question

We want to send authentication token and signature during GET/POST request. We are not preferring to send security information through body Or parameter. So we decided to send through headers in request.

When we googled we got to know that we can do this using ajax post request. But we want to move to next pages with headers.

How we can implement this?

Edited:

We had plan to store these information on cookies. But in iPhone if cookies is disabled will change behaviour of our website. So to overcome we are planning to send through headers.

Answer 1

You can set X-AUTHENTICATION-TOKEN in ajax request something as below which I am using for a real time REST API call via ajax requests.

$.ajax({
    type: "GET",
    beforeSend: function (xhr) {
        xhr.setRequestHeader('X-AUTHENTICATION-TOKEN', 'token string');
    },

The server side must set the header something as

header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X_AUTHENTICATION_TOKEN');

And to retrieve the data on server side you may have

if (isset($_SERVER['HTTP_X_AUTHENTICATION_TOKEN'])) {
    $request_header = $_SERVER['HTTP_X_AUTHENTICATION_TOKEN'];
} else {
    if (function_exists('getallheaders')) {
        foreach (getallheaders() as $header_name => $header_value) {
            if ($header_name == 'X_AUTHENTICATION_TOKEN') {
                $request_header = $header_value;
            }
        }
    }
}

So here $request_header will be the token and you can use this in the server side script for validation.