This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
8  3368 
Its easy to forget to remove the key from session once its usability
has passed.
I figure that session is for keeping information long term over some
substantial life time, such as tracking that a user is logged in.
Querystring is fine for page by page stuff, but there's also the
Viewstate and Cache considerations as well. I don't think you can weigh
up such an argument without including these 2 forces of nature.
Steven db******@progre ssive.com wrote:
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
Querystrings are editable by users. This can sometimes be a good thing for
knowledgeable users, however you must carefully think about the security
implications if users go tinkering with the querystring parameters.
Querystrings are visible by users. This can be a good thing in cases where
the user saves a URL in their favorites, because it can potentially also
save the state too, assuming you're keeping state in the querystring.
However this can be bad if retrieving the querystring from their favorites
causes your app to throw an error, then the user is left looking at an
unfriendly error page instead of the page they thought they'd bookmarked.
Session strings are more reliable and secure because they are always kept on
the server and never visible or editable by users. The main downside to
session variables is that each one takes up space in server memory, thus
limiting the scalability of the site. (However there are ways to deal with
this such as using a SQL state server or a centralized state server.)
Don't forget about other alternatives, such as the context object, cookies,
saving to a database, hidden fields (to help post data between forms), etc.
Here are some good articles on the subject: http://SteveOrr.net/faq/PassValues.aspx http://www.aspalliance.com/kenc/passval.aspx http://msdn.microsoft.com/msdnmag/is...e/default.aspx
--
I hope this helps,
Steve C. Orr
MCSD, MVP, CSM http://SteveOrr.net
<db******@progr essive.comwrote in message
news:11******** **************@ m7g2000cwm.goog legroups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
For what it's worth I dont think that you can realisitically compare
one with the other as though they always represent a straight choice.
There are circumstances when one or the other may be the only viable
solution.
To give some examples. I recently developed an application that created
tables of data (with a layout that couldn't be supported by a DataList)
where each cell needed to contain a server control to initiate a
postback with a parameter that would be used to retrieve data from a
database. As the controls were being created programatically and there
were many of them, I couldn't use link buttons because I had know way
of creating an event handler on the fly. The solution here for me was
to use hyperlinks that pointed back to the same page with the parameter
in a query string, which could be created programatically and detected
easily as part of the page load event. I don't see how this could have
been achieved using Session state variables.
On another occasion I could'nt use a query string without making the
coding of the page load event over complicated. This was caused by the
fact that a page request using a query string doesn't initiate a
postback event (so IsPostBack is always false) and so you have to
differentiate between an initial page request and a repeat one.
I made myself a common function which moves a session variable to the
viewstate on page load.
This means i only use it for passing data from one page to another and
release the session var imm.
If needed i simply put it on the session again and jump to another page.
Of course, these target pages must be aware of this singkle item but that's
how i do it.
Once you have such a function it all becomes very handy.
On each postback it verifies if the session var exists and 'updates' a
private variable which is of course 0 on first load.
You can ommit this since it's a postback but i dont' mind.
<db******@progr essive.comschre ef in bericht
news:11******** **************@ m7g2000cwm.goog legroups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
"Edwin Knoppert" <ne**@hellobasi c.comwrote in message
news:45******** **************@ text.nova.plane t.nl...
>I made myself a common function which moves a session variable to the
viewstate on page load.
This means i only use it for passing data from one page to another and
release the session var imm.
If needed i simply put it on the session again and jump to another page.
Of course, these target pages must be aware of this singkle item but
that's how i do it.
I do pretty much exactly the same...
If my primary key is a guid, then I use querystring.
If my primary key is an int, I go to the Session route.
EmpID=123 is too easy to change to EmpID = 124 ......in my world. http://sholliday.spaces.live.com/?_c...26ayear%3d2005
I have a Session Wrapper object.
On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.
The object I put into the SessionWrapper is small. Usually just an int.
I also have an abstract class, which I inherit from. The abstract class has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)
This way, I can decide on the SomethingEdit.a spx page.... whether I'm adding
a new one or editing an existing one, without a bunch of weirdo logic saying
if (empid == null) || (empid<=0)
I have an enum value which tells me.
.......
If I was edting an employee. I'd extend the abstract class, and add an EmpID
property
EmpArg : MyBaseEditModeC lass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.
If youre using guids
EmpEdit.aspx?em puuid=0E139585C E5542d985098C78 98FB4CF8
Then odds are, no one is going to guess another empuuid
<db******@progr essive.comwrote in message
news:11******** **************@ m7g2000cwm.goog legroups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
Sessions expire, viewstates not..
"sloan" <sl***@ipass.ne tschreef in bericht
news:uw******** *****@TK2MSFTNG P02.phx.gbl...
>
If my primary key is a guid, then I use querystring.
If my primary key is an int, I go to the Session route.
EmpID=123 is too easy to change to EmpID = 124 ......in my world.
http://sholliday.spaces.live.com/?_c...26ayear%3d2005
I have a Session Wrapper object.
On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.
The object I put into the SessionWrapper is small. Usually just an int.
I also have an abstract class, which I inherit from. The abstract class
has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)
This way, I can decide on the SomethingEdit.a spx page.... whether I'm
adding
a new one or editing an existing one, without a bunch of weirdo logic
saying
if (empid == null) || (empid<=0)
I have an enum value which tells me.
......
If I was edting an employee. I'd extend the abstract class, and add an
EmpID
property
EmpArg : MyBaseEditModeC lass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.
If youre using guids
EmpEdit.aspx?em puuid=0E139585C E5542d985098C78 98FB4CF8
Then odds are, no one is going to guess another empuuid
<db******@progr essive.comwrote in message
news:11******** **************@ m7g2000cwm.goog legroups.com...
>This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
Everyone,
Excellent information. I appreciate everyones responces. The
Microsoft article above is a good read.
Thanks all
Edwin Knoppert wrote:
Sessions expire, viewstates not..
"sloan" <sl***@ipass.ne tschreef in bericht
news:uw******** *****@TK2MSFTNG P02.phx.gbl...
If my primary key is a guid, then I use querystring.
If my primary key is an int, I go to the Session route.
EmpID=123 is too easy to change to EmpID = 124 ......in my world.
http://sholliday.spaces.live.com/?_c...26ayear%3d2005
I have a Session Wrapper object.
On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.
The object I put into the SessionWrapper is small. Usually just an int.
I also have an abstract class, which I inherit from. The abstract class
has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)
This way, I can decide on the SomethingEdit.a spx page.... whether I'm
adding
a new one or editing an existing one, without a bunch of weirdo logic
saying
if (empid == null) || (empid<=0)
I have an enum value which tells me.
......
If I was edting an employee. I'd extend the abstract class, and add an
EmpID
property
EmpArg : MyBaseEditModeC lass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.
If youre using guids
EmpEdit.aspx?em puuid=0E139585C E5542d985098C78 98FB4CF8
Then odds are, no one is going to guess another empuuid
<db******@progr essive.comwrote in message
news:11******** **************@ m7g2000cwm.goog legroups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: doltharz |
last post by:
Please Help me
i'm doing something i though was to be REALLY EASY but it drives me
crazy
The complete code is at the end of the email
(i mean newsgroup article),
i always use Option Explicit
and Response.Expires=-1,
|
by: PM |
last post by:
I'm trying to make a kind of search history containing the 3 last
searched words. So I'm using 3 Session Variables: Word1 / Word2 /
Word3.
In order to get this history working, I need to put the last searched
word in the following Variable.
Ex.:
Session("Word3") = Session("Word2")
Session("Word2") = Session("Word1")
|
by: Thomas Scheiderich |
last post by:
I am trying to understand Session variables and ran into a question on
how they work with data that is passed.
I have an HTM file that calls an ASP file and sends the name either by
GET or POST.
When I find is that if I send the value by the GET method,
response.write("From QueryString: " &
Request.QueryString("usernamefromform") & "<br><br>")
|
by: Targa |
last post by:
I use a database to authenticate users. Thier logon info is stored in a
session.
When the session times out it redirects the user back to the login page,
which, when logged in sends them to the secured homepage.
How can I return them to the page they were on when the session timed out,
rather than starting over on the homepage?
Thanks!
|
by: Billy Boone |
last post by:
I have a current web application that utilizes a login to authenticate
users
into the application. Once I authenticate them, I store away the user's
name in a Session variable. I then utilize this check to confirm the
session has not timed out (isLogon.asp - which I include on every page).
if Session("user") = "" then
call setURL()
Response.Redirect "login.asp"
| | |
by: catweezle2010 |
last post by:
Hello NG,
I have three files (default.aspx, search.aspx and work.aspx). The way
is: login on default (if session is newsession). The loginname I write
into as sessionvariable (username). So I redirect to my search.aspx.
Here I have a form which allows fill in some fields (place, street,
name etc.). With this informations i build a sqlquerey for sqlserver,
fill a datagrid and after select the right record by usin a link behind
I save the...
|
by: Abraham Luna |
last post by:
i have a problem when i set a session variable on the login page. sometimes
when i try to access it later it is null.
this is how my login page works:
Session = drEmployee.ToString(); //set the typ session
variable to employee typ. either: sales, admin, etc.
FormsAuthentication.SetAuthCookie(tbEmpId.Text, false);
Response.Redirect(Request.QueryString != null ?
Request.QueryString.ToString() : "secure/" + (Session ==
|
by: Santosh |
last post by:
Dear All
i am writting a code sending mail with attachement.
i am writting code for sending mail in one page and code for attaching
a file in the next page.
aftet attaching a file i am taking name of that file from attaching
file page to email page through in session file .i am giving a
facility of attaching five files to user . and i am taking names of
both files in session variables but user attach less than five five
|
by: MrHelpMe |
last post by:
Hello again all,
I've finished my whole application and now I don't like the whole
session variables that I am using. I have a form, user fills in info
clicks submit and using CDOSYSMail an email link gets created with an
encoded query string. i.e
http://www.yahoo.ca?#$@%@&#%#$@&^@%# which translates into
http://www.yahoo.ca?userID=54&LocationID=Denver.
Now when the user get's this email and clicks on the link I have a
|
by: bharathreddy |
last post by:
Here I will given an example on how to access the session, application and querystring variables in an .cs class file.
Using System.Web.HttpContext class.
1) For accesing session variables : System.Web.HttpContext.Current.Session
2) For accesing Application variables : System.Web.HttpContext.Current.Application
3) For accesing QueryString variables : System.Web.HttpContext.Current.Request.QueryString
Here is a simple example where...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
