state management using query string

Can somebody tell me about state management in asp.net
using Query Strings.
I am just unable to understand this.
Anshul
Nov 17 '05 #1
> Can somebody tell me about state management in asp.net
> using Query Strings.
> I am just unable to understand this.


Here's how it works:

You want to remember a couple of things about a user - for example, their
favorite color and their atm card pin.

Now, you could use both in the query string, having:

http://www.mysite.com/default.aspx?c...range&atm=0000

However, your users probably don't want to be sending their atm card pin
number back and forth across the wire, or showing up in all of their URLs.
They would rather keep that quiet. So, you create a little mailbox on the
server to store this information, and the only thing you have to do in order
to figure out which mailbox to go to is the mail box ID.

So, I create a mailbox #5150 for you. I then store in this mailbox two
variables: color=orange and atm=0000. Now, I just need you to tell me what
mailbox to go to - I no longer send this information back and forth.

Traditionally, you would store this information in a cookie - a small bit of
text that is transmitted back and forth with each request to a particular
site. But, a lot of people turn cookies off, and this could break your site.
Consequently, people figure out other ways to send this mailbox ID back and
forth. One way is to put it into a hidden form field. The other is to put it
into the querystring. Now, your querystring is:

http://www.mysite.com/default.aspx?mailboxID=5150

Once I get to the server, I know exactly which mailbox to open and get the
information about you.

Now, just call those mailboxes Sessions, and there you have it.

Of course, you can also see the security implications. You can't just grab
information off of the wire. However, using cookies, you could sniff packets
to see what the Session ID is, and then create a new cookie using this
session ID. It's hard, but not impossible. With a hidden form field
solution, all you have to do is view source - a little bit easier to craft a
request like this if you want to hijack somebody's session. With a
QueryString solution, all you have to do is convince somebody to send you a
link to something. If you aren't thinking, or aren't aware of this important
tidbit of information existing in that link, you could very easily hand
somebody over the ability to be you on that application without even having
to try very hard.

If you want to prevent hackers from session hijacking, you need to consider
SSL as part of your total solution.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
Nov 17 '05 #2
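
The answer above notes that a session ID carried in the query string travels with any link that gets passed on. As an added example (not part of the original post), this sketch shows how a site operator could spot that in access logs by flagging any session ID presented by more than one distinct client; the log layout, the sample lines and the `mailboxID` parameter name (taken from the answer's illustration) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines: client IP, request line, status, user agent.
SAMPLE_LOG = """\
203.0.113.10 "GET /default.aspx?mailboxID=5150 HTTP/1.1" 200 "Mozilla/5.0 (Windows)"
203.0.113.10 "GET /account.aspx?mailboxID=5150&tab=2 HTTP/1.1" 200 "Mozilla/5.0 (Windows)"
198.51.100.7 "GET /default.aspx?mailboxID=5150 HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux)"
192.0.2.44 "GET /default.aspx?mailboxID=7731 HTTP/1.1" 200 "Mozilla/5.0 (Macintosh)"
192.0.2.44 "GET /default.aspx HTTP/1.1" 200 "Mozilla/5.0 (Macintosh)"
garbage line that does not parse
"""

# Assumed log layout for this example; adapt the pattern to the real log format.
LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) "([^"]*)"$')


def sessions_by_client(log_text, param="mailboxID"):
    """Map each session ID found in a query string to the set of
    (client IP, user agent) pairs that presented it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, target, _status, agent = m.groups()
        query = parse_qs(urlsplit(target).query)
        for sid in query.get(param, []):
            seen[sid].add((ip, agent))
    return seen


def shared_sessions(log_text, param="mailboxID"):
    """Return session IDs presented by more than one distinct client,
    the trace left behind when a URL carrying the ID is passed on."""
    return {sid: sorted(clients)
            for sid, clients in sessions_by_client(log_text, param).items()
            if len(clients) > 1}


if __name__ == "__main__":
    for sid, clients in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} presented by {len(clients)} clients:")
        for ip, agent in clients:
            print(f"  {ip}  {agent}")
```

A user who changes networks mid-session will also appear as two clients, so a hit is a prompt to review or expire that session rather than proof of hijacking.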
