473,326 Members | 2,061 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Session vs QueryString

This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.

Oct 2 '06 #1
8 3343
Its easy to forget to remove the key from session once its usability
has passed.
I figure that session is for keeping information long term over some
substantial life time, such as tracking that a user is logged in.

Querystring is fine for page by page stuff, but there's also the
Viewstate and Cache considerations as well. I don't think you can weigh
up such an argument without including these 2 forces of nature.

Steven

db******@progressive.com wrote:
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
Oct 2 '06 #2
Querystrings are editable by users. This can sometimes be a good thing for
knowledgeable users, however you must carefully think about the security
implications if users go tinkering with the querystring parameters.

Querystrings are visible by users. This can be a good thing in cases where
the user saves a URL in their favorites, because it can potentially also
save the state too, assuming you're keeping state in the querystring.
However this can be bad if retrieving the querystring from their favorites
causes your app to throw an error, then the user is left looking at an
unfriendly error page instead of the page they thought they'd bookmarked.

Session strings are more reliable and secure because they are always kept on
the server and never visible or editable by users. The main downside to
session variables is that each one takes up space in server memory, thus
limiting the scalability of the site. (However there are ways to deal with
this such as using a SQL state server or a centralized state server.)

Don't forget about other alternatives, such as the context object, cookies,
saving to a database, hidden fields (to help post data between forms), etc.

Here are some good articles on the subject:
http://SteveOrr.net/faq/PassValues.aspx
http://www.aspalliance.com/kenc/passval.aspx
http://msdn.microsoft.com/msdnmag/is...e/default.aspx

--
I hope this helps,
Steve C. Orr
MCSD, MVP, CSM
http://SteveOrr.net

<db******@progressive.comwrote in message
news:11**********************@m7g2000cwm.googlegro ups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.

Oct 2 '06 #3
For what it's worth I dont think that you can realisitically compare
one with the other as though they always represent a straight choice.
There are circumstances when one or the other may be the only viable
solution.

To give some examples. I recently developed an application that created
tables of data (with a layout that couldn't be supported by a DataList)
where each cell needed to contain a server control to initiate a
postback with a parameter that would be used to retrieve data from a
database. As the controls were being created programatically and there
were many of them, I couldn't use link buttons because I had know way
of creating an event handler on the fly. The solution here for me was
to use hyperlinks that pointed back to the same page with the parameter
in a query string, which could be created programatically and detected
easily as part of the page load event. I don't see how this could have
been achieved using Session state variables.

On another occasion I could'nt use a query string without making the
coding of the page load event over complicated. This was caused by the
fact that a page request using a query string doesn't initiate a
postback event (so IsPostBack is always false) and so you have to
differentiate between an initial page request and a repeat one.

Oct 2 '06 #4
I made myself a common function which moves a session variable to the
viewstate on page load.
This means i only use it for passing data from one page to another and
release the session var imm.
If needed i simply put it on the session again and jump to another page.
Of course, these target pages must be aware of this singkle item but that's
how i do it.

Once you have such a function it all becomes very handy.

On each postback it verifies if the session var exists and 'updates' a
private variable which is of course 0 on first load.
You can ommit this since it's a postback but i dont' mind.


<db******@progressive.comschreef in bericht
news:11**********************@m7g2000cwm.googlegro ups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.

Oct 2 '06 #5
"Edwin Knoppert" <ne**@hellobasic.comwrote in message
news:45**********************@text.nova.planet.nl. ..
>I made myself a common function which moves a session variable to the
viewstate on page load.
This means i only use it for passing data from one page to another and
release the session var imm.
If needed i simply put it on the session again and jump to another page.
Of course, these target pages must be aware of this singkle item but
that's how i do it.
I do pretty much exactly the same...
Oct 2 '06 #6

If my primary key is a guid, then I use querystring.

If my primary key is an int, I go to the Session route.

EmpID=123 is too easy to change to EmpID = 124 ......in my world.

http://sholliday.spaces.live.com/?_c...26ayear%3d2005

I have a Session Wrapper object.

On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.

The object I put into the SessionWrapper is small. Usually just an int.

I also have an abstract class, which I inherit from. The abstract class has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)

This way, I can decide on the SomethingEdit.aspx page.... whether I'm adding
a new one or editing an existing one, without a bunch of weirdo logic saying

if (empid == null) || (empid<=0)

I have an enum value which tells me.

.......

If I was edting an employee. I'd extend the abstract class, and add an EmpID
property

EmpArg : MyBaseEditModeClass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.

If youre using guids

EmpEdit.aspx?empuuid=0E139585CE5542d985098C7898FB4 CF8

Then odds are, no one is going to guess another empuuid


<db******@progressive.comwrote in message
news:11**********************@m7g2000cwm.googlegro ups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.

Oct 2 '06 #7
Sessions expire, viewstates not..

"sloan" <sl***@ipass.netschreef in bericht
news:uw*************@TK2MSFTNGP02.phx.gbl...
>
If my primary key is a guid, then I use querystring.

If my primary key is an int, I go to the Session route.

EmpID=123 is too easy to change to EmpID = 124 ......in my world.

http://sholliday.spaces.live.com/?_c...26ayear%3d2005

I have a Session Wrapper object.

On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.

The object I put into the SessionWrapper is small. Usually just an int.

I also have an abstract class, which I inherit from. The abstract class
has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)

This way, I can decide on the SomethingEdit.aspx page.... whether I'm
adding
a new one or editing an existing one, without a bunch of weirdo logic
saying

if (empid == null) || (empid<=0)

I have an enum value which tells me.

......

If I was edting an employee. I'd extend the abstract class, and add an
EmpID
property

EmpArg : MyBaseEditModeClass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.

If youre using guids

EmpEdit.aspx?empuuid=0E139585CE5542d985098C7898FB4 CF8

Then odds are, no one is going to guess another empuuid


<db******@progressive.comwrote in message
news:11**********************@m7g2000cwm.googlegro ups.com...
>This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.


Oct 3 '06 #8
Everyone,

Excellent information. I appreciate everyones responces. The
Microsoft article above is a good read.

Thanks all
Edwin Knoppert wrote:
Sessions expire, viewstates not..

"sloan" <sl***@ipass.netschreef in bericht
news:uw*************@TK2MSFTNGP02.phx.gbl...

If my primary key is a guid, then I use querystring.

If my primary key is an int, I go to the Session route.

EmpID=123 is too easy to change to EmpID = 124 ......in my world.

http://sholliday.spaces.live.com/?_c...26ayear%3d2005

I have a Session Wrapper object.

On the page1, I put a small object into my wrapper object.
On page2, I have both an indexer and .Remove method. I use the .Remove
method. That way I get the value, but don't orphan it.

The object I put into the SessionWrapper is small. Usually just an int.

I also have an abstract class, which I inherit from. The abstract class
has
"EditMode" ... which is an enum with 2 values. AddNew and Edit(Existing)

This way, I can decide on the SomethingEdit.aspx page.... whether I'm
adding
a new one or editing an existing one, without a bunch of weirdo logic
saying

if (empid == null) || (empid<=0)

I have an enum value which tells me.

......

If I was edting an employee. I'd extend the abstract class, and add an
EmpID
property

EmpArg : MyBaseEditModeClass
--EditMode
--EmpId
Anyway. Its a little complex at first, but I like it.

If youre using guids

EmpEdit.aspx?empuuid=0E139585CE5542d985098C7898FB4 CF8

Then odds are, no one is going to guess another empuuid


<db******@progressive.comwrote in message
news:11**********************@m7g2000cwm.googlegro ups.com...
This may be a can of worms but I wanted to throw it out here. I am
gathering pros and cons for using querystring vs session variables for
passing row keys in a ASP.net application. I want to be as thorough as
possible so why not throw out this situation to the development
community. Thoughts and opinions are appreciated.
Oct 3 '06 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: doltharz | last post by:
Please Help me i'm doing something i though was to be REALLY EASY but it drives me crazy The complete code is at the end of the email (i mean newsgroup article), i always use Option...
3
by: PM | last post by:
I'm trying to make a kind of search history containing the 3 last searched words. So I'm using 3 Session Variables: Word1 / Word2 / Word3. In order to get this history working, I need to put the...
15
by: Thomas Scheiderich | last post by:
I am trying to understand Session variables and ran into a question on how they work with data that is passed. I have an HTM file that calls an ASP file and sends the name either by GET or POST....
3
by: Targa | last post by:
I use a database to authenticate users. Thier logon info is stored in a session. When the session times out it redirects the user back to the login page, which, when logged in sends them to the...
0
by: Billy Boone | last post by:
I have a current web application that utilizes a login to authenticate users into the application. Once I authenticate them, I store away the user's name in a Session variable. I then utilize...
3
by: catweezle2010 | last post by:
Hello NG, I have three files (default.aspx, search.aspx and work.aspx). The way is: login on default (if session is newsession). The loginname I write into as sessionvariable (username). So I...
4
by: Abraham Luna | last post by:
i have a problem when i set a session variable on the login page. sometimes when i try to access it later it is null. this is how my login page works: Session = drEmployee.ToString(); //set...
1
by: Santosh | last post by:
Dear All i am writting a code sending mail with attachement. i am writting code for sending mail in one page and code for attaching a file in the next page. aftet attaching a file i am taking...
12
by: MrHelpMe | last post by:
Hello again all, I've finished my whole application and now I don't like the whole session variables that I am using. I have a form, user fills in info clicks submit and using CDOSYSMail an...
0
by: bharathreddy | last post by:
Here I will given an example on how to access the session, application and querystring variables in an .cs class file. Using System.Web.HttpContext class. 1) For accesing session variables :...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.