Post and response.redirect

T

tshad

I am using method=POST in my Form field, but am also using
response.redirects to go to my next pages.

response.redirect("x.aspx?a=1)

But the a=1 shows in the query string. I thought the Post method was
supposed to put the querys into the page and not the URL?

I am trying to take some of my pages that already are doing redirects and
make them more secure by not having data in the URL. Is there an easy way
to do this without having to rewrite my code?

Thanks,

Tom
 
R

Rajeev Gopal

Hi Tom,

The word "Secure" is a very relative term. So, I would use that term
very diplomatically :)

When you are using a POST in a form, you are posting a.k.a pushing all
the fields in the form in a relatively secure manner than when you use
a querystring. But, when you are using a Response.Redirect, you are
playing out of that context, that is you are ending the page abruptly
and redirecting the control to another page. And using the querystring
is by your option.

So, if you do not want to pass the value of "a" in querystring, but
want to persist across page calls, there are other ways:
1. Use Hidden form fields.
2. Store the value of "a" in a session variable.
3. Use HttpContext values.

Thanks,
Rajeev Gopal
http://www.geekswithblogs.net/rajeevgopal
 
T

tshad

Rajeev Gopal said:
Hi Tom,

The word "Secure" is a very relative term. So, I would use that term
very diplomatically :)

When you are using a POST in a form, you are posting a.k.a pushing all
the fields in the form in a relatively secure manner than when you use
a querystring. But, when you are using a Response.Redirect, you are
playing out of that context, that is you are ending the page abruptly
and redirecting the control to another page. And using the querystring
is by your option.

So, if you do not want to pass the value of "a" in querystring, but
want to persist across page calls, there are other ways:
1. Use Hidden form fields.

Are these special fields that get sent in a POST - even during redirect?

Or are you talking about hidden fields that get repopulated durning
Postback?

Thanks,

Tom
 
J

Joerg Jooss

tshad said:
I am using method=POST in my Form field, but am also using
response.redirects to go to my next pages.

response.redirect("x.aspx?a=1)

But the a=1 shows in the query string. I thought the Post method was
supposed to put the querys into the page and not the URL?

Yes, payload is carried in the HTTP message body and thus "invisible",
but the request URI (which contains the query string) *isn't* part of
the payload. It's part of the header.
I am trying to take some of my pages that already are doing redirects
and make them more secure by not having data in the URL. Is there an
easy way to do this without having to rewrite my code?

As long as you don't apply encryption, there's no real security here.
One approach is to use encrypted query strings, but there's no
framework support for this AFAIK.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top