Hiding a variable in a querystring

Discussion in 'ASP .Net' started by Guest, Jan 21, 2005.

  1. Guest

    Guest Guest

    I need to pass a variable in a querystring that I want to hide from the user.
    eg www.abc.com?UserID=555 and the UserID must be hidden.

    I was thinking of encrypting the ID, using a UserGUID that would change
    every night, or passing and an array and index and getting the correct UserID
    from that.

    Any ideas / suggestions
    Guest, Jan 21, 2005
    1. Advertisements

  2. [email protected], Jan 21, 2005
    1. Advertisements

  3. Guest

    Guest Guest

    Hi Craig HB,

    Just a suggestion: As a design principle, if it's "too secret" to share with
    the user, why don't you take it away from the scope of the user and keep it
    on the server, perhaps with a special variable in Session that both of these
    pages know about? Or even better, why not passing this special variable name
    instead of the ID itself in querystring?

    I would not recommend encryption because of the overhead. And also consider
    the scenario where it's tampered. Your receiving page will find out
    eventually that it's tampered and either give out an exception or you'll need
    a mechanism to recover it somehow. It just sounds too unnecessary when you
    know that you can hide it from the round trip anyway, unless you have a very
    good reason.

    Hope this gives some ideas,

    Guest, Jan 21, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.