Hi Craig HB,
Just a suggestion: As a design principle, if it's "too secret" to share with
the user, why don't you take it away from the scope of the user and keep it
on the server, perhaps with a special variable in Session that both of these
pages know about? Or even better, why not passing this special variable name
instead of the ID itself in querystring?
I would not recommend encryption because of the overhead. And also consider
the scenario where it's tampered. Your receiving page will find out
eventually that it's tampered and either give out an exception or you'll need
a mechanism to recover it somehow. It just sounds too unnecessary when you
know that you can hide it from the round trip anyway, unless you have a very
good reason.
Hope this gives some ideas,
Ethem
"Craig HB" wrote:
I need to pass a variable in a querystring that I want to hide from the user.
eg www.abc.com?UserID=555 and the UserID must be hidden.
I was thinking of encrypting the ID, using a UserGUID that would change
every night, or passing and an array and index and getting the correct UserID
from that.
Any ideas / suggestions
Craig