Don't worry about that without login nobody can access the ajax there are session guards over there CSRF token protection so security is not issue on that if you want to if you know the ajax work you also know isset and POST and GET fopen close are on backend on every PHP application