Thoughts on Passing Information to Another Page

[Jonathan Wood]

I'm finally getting the hang of ASP.NET.

But one thing I still struggle with is when I want to open a page and pass
that page some information. Here are some choices I have:

1. Pass it as a query string. This works for some tasks. But for other
tasks, this is neither private nor safe from being modified by casual users.

2. Use PreviousPage. This also works for some tasks. But when the data to be
passed is not really part of the page, then this model seems to break down.

3. Set a Session variable. This is both private and secure and works well.
However, it's a little awkward to "clean up" and using this technique
regularly would result in a bunch of memory being wasted for each session
unless you had a clean way to delete those variables after they were used.

I'm just curious if others have found a better approach. I'm starting to
think about using ViewState in the previous page and then using PreviousPage
to access that ViewState. Assuming that's possible, that approach is both
private and secure as well as "self-cleaning". I'd need to think about it
some more to decide how much I like that.

Thanks.

 

[Scott M.]

FYI - Using ViewState is neither private or secure.

The hash that Microsoft uses to code (not encrypt) the ViewState string is
well-known and there are many tools available to decode the string.

If you need a secure way of passing the data you could use the encryption
classes in .NET to encrypt the data you want to pass and then pass it using
any of the methods below.

Don't forget about the most robust solution, passing the data to a database
and then retrieving it later.

-Scott

 

[Jonathan Wood]

Scott,

FYI - Using ViewState is neither private or secure.

The hash that Microsoft uses to code (not encrypt) the ViewState string is
well-known and there are many tools available to decode the string.

Yes, good point. Is it just base64?

If you need a secure way of passing the data you could use the encryption
classes in .NET to encrypt the data you want to pass and then pass it
using any of the methods below.

I'm so far relatively unfamilier with these. If there's a way to checksum
the data to prevent trying to decrypt something that the user just typed in,
that would definitely be something to explore.

Don't forget about the most robust solution, passing the data to a
database and then retrieving it later.

Right. But that's not really more secure than setting a Session variable, is
it?

Thanks.

 

[Peter Bromberg [C# MVP]]

Session is efficient and doesn't use a lot of memory if you don't store
complex objects. It's also easy to remove a session item after you are done
with it, so I cannot say I agree with your statements.

However I have successfully used compressed cookies (compressed via LZMA /
7ZIP) as an alternative to Session.
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
MetaFinder: http://www.blogmetafinder.com

 

[Jonathan Wood]

It's easy to remove a session item, but with complex code, it's even easier
to have paths that fail to remove it.

I don't yet know enough to use cookies to pass information or judge how
efficient/secure it is.

Thanks.

 

[Jose A. Fernandez]

another way...maybe Context.Items

Example:
-------------------
Dim Context As HttpContext
Context = HttpContext.Current
Context.Items.Add("miEjemplo", "UnEjemplo")
Server.Transfer("Pagina2.aspx")

another page... Pagina2.aspx
Dim Context As HttpContext
Context = HttpContext.Current
If Context.Items.Contains("miEjemplo") Then
Me.lblTest.Text = CType(Context.Items("miEjemplo").ToString,
...

Links:
----------------
HttpContext
http://msdn2.microsoft.com/es-es/library/system.web.httpcontext.aspx

Passing values from a page to another by means of the Context object
http://www.devx.com/vb2themax/Tip/18847

State management with Context.Items in ASP.NET
http://www.csse.monash.edu.au/courseware/cse2030/2004/state.html


______________________
Jose A. Fernandez
blog: http://geeks.ms/blogs/fernandezja

 

[Jonathan Wood]

Interesting. I'm looking into this.

Thanks.