I already use session variable in my project to set a session timeout when
the user doesn't do anything for 10 minutes.
When I call other pages, I often use parameters in HREF link.
I was wondering if it was better to pass parameter from page to page as
session variable instead of doing it in HREF link?
Thx for the hint !The first part of your message is very confusing to me, as Sessions time out
all by themselves. However, I can help you with your other question.
> When I call other pages, I often use parameters in HREF link.
> I was wondering if it was better to pass parameter from page to page as
> session variable instead of doing it in HREF link?
You have a couple of issues here. When you pass data via URL, you are
exposing it to the user, which can be a security risk, so one consideration
is how sensitive the data is. If it's not sensitive, you're fine, as long as
you make sure that the user can't create a parameterized URL that would
cause some problem. One of the advantages of using QueryString parameters is
that the user can bookmark a dynamic page, as the bookmark will have the
parameters in it.
As for Sessions, they can be problematic as well, since they time out after
a certain interval of inactivity. As long as you make sure to handle this
eventuality, Session is fine.
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"+The_Taco+" <dominic.feron@.dessausoprin.com> wrote in message
news:eZ2jciO7DHA.488@.TK2MSFTNGP12.phx.gbl...
> I already use session variable in my project to set a session timeout when
> the user doesn't do anything for 10 minutes.
> When I call other pages, I often use parameters in HREF link.
> I was wondering if it was better to pass parameter from page to page as
> session variable instead of doing it in HREF link?
> Thx for the hint !
I think he means that he is using session as a crewd way to timeout a user
by setting session.timeout = 10 and checking for it on each postback.
--
Regards,
Alvin Bruney [ASP.NET MVP]
Got tidbits? Get it here...
http://tinyurl.com/3he3b
"Kevin Spencer" <kevin@.takempis.com> wrote in message
news:%23%23MS0$O7DHA.1852@.TK2MSFTNGP10.phx.gbl...
> The first part of your message is very confusing to me, as Sessions time
out
> all by themselves. However, I can help you with your other question.
> > When I call other pages, I often use parameters in HREF link.
> > I was wondering if it was better to pass parameter from page to page as
> > session variable instead of doing it in HREF link?
> You have a couple of issues here. When you pass data via URL, you are
> exposing it to the user, which can be a security risk, so one
consideration
> is how sensitive the data is. If it's not sensitive, you're fine, as long
as
> you make sure that the user can't create a parameterized URL that would
> cause some problem. One of the advantages of using QueryString parameters
is
> that the user can bookmark a dynamic page, as the bookmark will have the
> parameters in it.
> As for Sessions, they can be problematic as well, since they time out
after
> a certain interval of inactivity. As long as you make sure to handle this
> eventuality, Session is fine.
> --
> HTH,
> Kevin Spencer
> .Net Developer
> Microsoft MVP
> Big things are made up
> of lots of little things.
>
> "+The_Taco+" <dominic.feron@.dessausoprin.com> wrote in message
> news:eZ2jciO7DHA.488@.TK2MSFTNGP12.phx.gbl...
> > I already use session variable in my project to set a session timeout
when
> > the user doesn't do anything for 10 minutes.
> > When I call other pages, I often use parameters in HREF link.
> > I was wondering if it was better to pass parameter from page to page as
> > session variable instead of doing it in HREF link?
> > Thx for the hint !
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment