J
Jonathan Wood
I'm still having issues with this and would love to hear from more people
about how they are approaching this issue.
After thinking about all the ways to pass arguments to a Web form (query
strings, context items, application objects, view state), I started favoring
using the Session object. I created a generic method that retrieved a
variable from the Session object and then deleted it so that I didn't end up
with a ton of unused variables for each user.
The problem with this approach is that, if the user hits refresh, all is
lost. My view state is gone and, since I deleted the session object
variables, they are gone also.
I looked into PreviousPage.ViewState but this does not seem to be available.
Also, I suspect a refresh would trash that as well.
Everything seems to be pointing to query strings. But I hate the fact that
even the most casual of users could modify the query arguments (or just type
them wrong) and end up changing someone else's data. I know I could perform
verification of the user, but for some tasks, this require additional trips
to the database, which I would like to minimize.
How is everyone else doing this on sites that require the user to be logged
in?
Thanks.
about how they are approaching this issue.
After thinking about all the ways to pass arguments to a Web form (query
strings, context items, application objects, view state), I started favoring
using the Session object. I created a generic method that retrieved a
variable from the Session object and then deleted it so that I didn't end up
with a ton of unused variables for each user.
The problem with this approach is that, if the user hits refresh, all is
lost. My view state is gone and, since I deleted the session object
variables, they are gone also.
I looked into PreviousPage.ViewState but this does not seem to be available.
Also, I suspect a refresh would trash that as well.
Everything seems to be pointing to query strings. But I hate the fact that
even the most casual of users could modify the query arguments (or just type
them wrong) and end up changing someone else's data. I know I could perform
verification of the user, but for some tasks, this require additional trips
to the database, which I would like to minimize.
How is everyone else doing this on sites that require the user to be logged
in?
Thanks.