Post and response.redirect

I am using method=POST in my Form field, but am also using
response.redirects to go to my next pages.

response.redirect("x.aspx?a=1")

But the a=1 shows in the query string. I thought the Post method was
supposed to put the queries into the page and not the URL?

I am trying to take some of my pages that already are doing redirects and
make them more secure by not having data in the URL. Is there an easy way
to do this without having to rewrite my code?

Thanks,

Tom
Dec 7 '05 #1
Hi Tom,

The word "Secure" is a very relative term. So, I would use that term
very diplomatically :-)

When you are using a POST in a form, you are posting, a.k.a. pushing, all
the fields in the form in a relatively more secure manner than when you use
a querystring. But, when you are using a Response.Redirect, you are
playing out of that context, that is you are ending the page abruptly
and redirecting the control to another page. And using the querystring
is by your option.

So, if you do not want to pass the value of "a" in querystring, but
want to persist across page calls, there are other ways:
1. Use Hidden form fields.
2. Store the value of "a" in a session variable.
3. Use HttpContext values.

Thanks,
Rajeev Gopal
http://www.geekswithblogs.net/rajeevgopal

Dec 7 '05 #2
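
Options 2 and 3 from the reply above, sketched as ASP.NET Web Forms code-behind in C#. This is an added example, not code from the thread; the class names, handler names and `default.aspx` are hypothetical.

```csharp
using System;
using System.Web.UI;

// Code-behind for the page that used to call Response.Redirect("x.aspx?a=1").
// Class and handler names are hypothetical.
public partial class SourcePage : Page
{
    // Option 2: keep "a" in server-side session state.
    protected void Next_Click(object sender, EventArgs e)
    {
        Session["a"] = 1;              // stays on the server, keyed by the session cookie
        Response.Redirect("x.aspx");   // 302 whose Location carries no query string
    }

    // Option 3: HttpContext.Items lives for one request only, so it needs
    // Server.Transfer (no browser round trip) instead of a redirect.
    protected void NextNoRoundTrip_Click(object sender, EventArgs e)
    {
        Context.Items["a"] = 1;
        Server.Transfer("x.aspx");     // the address bar keeps the source page's URL
    }
}

// Code-behind for x.aspx.
public partial class X : Page
{
    protected int A;                   // x.aspx markup can render it with <%= A %>

    protected void Page_Load(object sender, EventArgs e)
    {
        // Prefer the per-request value, fall back to the session value.
        object raw = Context.Items["a"] ?? Session["a"];
        Session.Remove("a");           // one-shot: do not leave it for later requests

        // x.aspx can be requested directly, so a missing value must be handled.
        if (!(raw is int))
        {
            Response.Redirect("default.aspx");   // hypothetical fallback page
            return;
        }
        A = (int)raw;
    }
}
```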

"Rajeev Gopal" <ra**********@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegroups.com...
> Hi Tom,
>
> The word "Secure" is a very relative term. So, I would use that term
> very diplomatically :-)
>
> When you are using a POST in a form, you are posting a.k.a pushing all
> the fields in the form in a relatively secure manner than when you use
> a querystring. But, when you are using a Response.Redirect, you are
> playing out of that context, that is you are ending the page abruptly
> and redirecting the control to another page. And using the querystring
> is by your option.
>
> So, if you do not want to pass the value of "a" in querystring, but
> want to persist across page calls, there are other ways:
> 1. Use Hidden form fields.

Are these special fields that get sent in a POST - even during redirect?

Or are you talking about hidden fields that get repopulated during
Postback?

Thanks,

Tom

> 2. Store the value of "a" in a session variable.
> 3. Use HttpContext values.
>
> Thanks,
> Rajeev Gopal
> http://www.geekswithblogs.net/rajeevgopal

Dec 7 '05 #3
tshad wrote:
> I am using method=POST in my Form field, but am also using
> response.redirects to go to my next pages.
>
> response.redirect("x.aspx?a=1")
>
> But the a=1 shows in the query string. I thought the Post method was
> supposed to put the queries into the page and not the URL?

Yes, payload is carried in the HTTP message body and thus "invisible",
but the request URI (which contains the query string) *isn't* part of
the payload. It's part of the header.

> I am trying to take some of my pages that already are doing redirects
> and make them more secure by not having data in the URL. Is there an
> easy way to do this without having to rewrite my code?

As long as you don't apply encryption, there's no real security here.
One approach is to use encrypted query strings, but there's no
framework support for this AFAIK.

Cheers,
--
http://www.joergjooss.de
mailto:ne********@joergjooss.de
Dec 7 '05 #4
