state management using query string

Can somebody tell me about state management in ASP.NET
using Query Strings?
I am just unable to understand this.
Anshul
Nov 17 '05 #1
> Can somebody tell me about state management in ASP.NET
> using Query Strings?
> I am just unable to understand this.


Here's how it works:

You want to remember a couple of things about a user - for example, their
favorite color and their ATM card PIN.

Now, you could use both in the query string, having:

http://www.mysite.com/default.aspx?c...range&atm=0000

However, your users probably don't want to be sending their ATM card PIN
number back and forth across the wire, or having it show up in all of their URLs.
They would rather keep that quiet. So, you create a little mailbox on the
server to store this information, and the only thing you need in order
to figure out which mailbox to go to is the mailbox ID.

So, I create a mailbox #5150 for you. I then store in this mailbox two
variables: color=orange and atm=0000. Now, I just need you to tell me what
mailbox to go to - I no longer send this information back and forth.

Traditionally, you would store this information in a cookie - a small bit of
text that is transmitted back and forth with each request to a particular
site. But, a lot of people turn cookies off, and this could break your site.
Consequently, people figure out other ways to send this mailbox ID back and
forth. One way is to put it into a hidden form field. The other is to put it
into the querystring. Now, your querystring is:

http://www.mysite.com/default.aspx?mailboxID=5150

Once I get to the server, I know exactly which mailbox to open and get the
information about you.

Now, just call those mailboxes Sessions, and there you have it.

Of course, you can also see the security implications. You can't just grab
information off of the wire. However, using cookies, you could sniff packets
to see what the Session ID is, and then create a new cookie using this
session ID. It's hard, but not impossible. With a hidden form field
solution, all you have to do is view source - a little bit easier to craft a
request like this if you want to hijack somebody's session. With a
QueryString solution, all you have to do is convince somebody to send you a
link to something. If you aren't thinking, or aren't aware of this important
tidbit of information existing in that link, you could very easily hand
somebody over the ability to be you on that application without even having
to try very hard.

If you want to prevent hackers from session hijacking, you need to consider
SSL as part of your total solution.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
Nov 17 '05 #2
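
The mailbox idea from the answer above, as an added example that is not part of the original thread and is not ASP.NET code: a framework-neutral Python model of a server-side session store, with the ID carried either in the query string or in a cookie. The `mailboxID` parameter and the URL come from the post; the random ID, the `Secure`/`HttpOnly` cookie flags and all function names are assumptions of this sketch.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

MAILBOXES = {}  # server-side store: mailbox (session) ID -> the user's variables

def open_mailbox(**values):
    """Create a mailbox under an unguessable ID rather than a small number."""
    sid = secrets.token_urlsafe(32)
    MAILBOXES[sid] = dict(values)
    return sid

def link_with_id(base_url, sid):
    """Query-string carrier: the ID is part of every URL the user sees."""
    return base_url + "?" + urlencode({"mailboxID": sid})

def cookie_with_id(sid):
    """Cookie carrier: the ID travels in a header instead of the URL."""
    c = SimpleCookie()
    c["mailboxID"] = sid
    c["mailboxID"]["secure"] = True    # browser returns it over SSL only
    c["mailboxID"]["httponly"] = True  # page script cannot read it
    return c["mailboxID"].OutputString()

def lookup(url="", cookie_header=""):
    """Server side: find the mailbox from whichever carrier the request used."""
    sid = parse_qs(urlsplit(url).query).get("mailboxID", [None])[0]
    if sid is None and cookie_header:
        morsel = SimpleCookie(cookie_header).get("mailboxID")
        sid = morsel.value if morsel else None
    return MAILBOXES.get(sid)

def leaks_in_shared_link(url):
    """True if copying this URL to someone else hands over the mailbox ID."""
    return "mailboxID" in parse_qs(urlsplit(url).query)

if __name__ == "__main__":
    # Constructed sample values, taken from the post's illustration.
    sid = open_mailbox(color="orange", atm="0000")
    url = link_with_id("http://www.mysite.com/default.aspx", sid)
    print(url, leaks_in_shared_link(url))
    print("Set-Cookie:", cookie_with_id(sid))
    print(lookup(url="http://www.mysite.com/default.aspx?mailboxID=5150"))
```

The server cannot tell who presents the ID, so whichever carrier is used, the ID is the only thing standing between a request and the stored values.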
