Hiding a variable in a querystring

G

Guest

I need to pass a variable in a querystring that I want to hide from the user.
eg www.abc.com?UserID=555 and the UserID must be hidden.

I was thinking of encrypting the ID, using a UserGUID that would change
every night, or passing and an array and index and getting the correct UserID
from that.

Any ideas / suggestions
Craig
 
G

Guest

Hi Craig HB,

Just a suggestion: As a design principle, if it's "too secret" to share with
the user, why don't you take it away from the scope of the user and keep it
on the server, perhaps with a special variable in Session that both of these
pages know about? Or even better, why not passing this special variable name
instead of the ID itself in querystring?

I would not recommend encryption because of the overhead. And also consider
the scenario where it's tampered. Your receiving page will find out
eventually that it's tampered and either give out an exception or you'll need
a mechanism to recover it somehow. It just sounds too unnecessary when you
know that you can hide it from the round trip anyway, unless you have a very
good reason.

Hope this gives some ideas,

Ethem
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top