Keeping state without the session object or the query string

[Simon]

Hi all,

I need to maintain state between two pages but for two pissy reasons I can't
use the Session object and the Query String isn't ideal because its too easy
to tamper with.

I'm wondering what my options are?

As I understand it, I can either encrypt the QS on the way out to the client
somehow

or

I could use form variables to post information but I don't know how to do
that. Any advice, very much appreciated

Thanks all

Simon

 

[Karl]

Simon, you could simply add the values directly to the viewstate.

if not page.ispostback then
ViewState.Add("someKey", "someValue")
ViewState.Add("someOtherKey", "someOtherValue")
else
dim someValue as string = cstr(ViewState("someKey"))
dim someOtherValue as string = cstR(ViewState("SomeOtherKey"))
end if

ViewState actually saves values into a hidden form field, so it's pretty
much the same as your 2nd idea.

Alternatively, you could use Page.RegisterHiddenFormField("someKey",
"someValue") and then read the values back via Request.Form("someKey")


Again, those two do pretty much the same thing. These are also very easy to
tamper with though, so I'm not sure how much better off that idea is than
the QS.

Karl