Session usage
-
Is it reasonable to put my objects into the Session between pages. I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields. I am currently pushing these into the Session object assuming that this is quicker than a trip to the database (and will it piss off the host DiscountASP.net). What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
Never underestimate the power of human stupidity RAH
Analyse the data what you can put in Cache or in Session.If there is some global data that is common for all users,put it in Cache and put Data which is specific to user those put it in Session only.It will improve the performance. When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Cheers!! Brij
-
Is it reasonable to put my objects into the Session between pages. I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields. I am currently pushing these into the Session object assuming that this is quicker than a trip to the database (and will it piss off the host DiscountASP.net). What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
Never underestimate the power of human stupidity RAH
Session is good if there is less data. As Session creates separately for each user. In your case this is fine if you are going to store few field in session.
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Don't forget to click "Good Answer" on the post(s) that helped you.
-
Analyse the data what you can put in Cache or in Session.If there is some global data that is common for all users,put it in Cache and put Data which is specific to user those put it in Session only.It will improve the performance. When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Cheers!! Brij
Brij wrote:
When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Can you define encode/decode in its simplest form please
Never underestimate the power of human stupidity RAH
-
Mycroft Holmes wrote:
I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields.
Looks fine to me. Make sure you remove them once you are done and your session don't have huge timeout limits. Performance will impact badly only when site has got huge traffic. In all other cases, it should be fine.
Mycroft Holmes wrote:
What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
If Ids are secured, don't pass it through URL. If not, passing through URL is fine. It will produce hackable URLs and hackable URLs are very helpful. :)
Best wishes, Navaneeth
N a v a n e e t h wrote:
If Ids are secured,
Can you elaborate on securing the IDs, currently they are simply integers (?CustomerID=1) in the URL
Never underestimate the power of human stupidity RAH
-
Brij wrote:
When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Can you define encode/decode in its simplest form please
Never underestimate the power of human stupidity RAH
Encode: means you are changing the actual value to different value using some pattern/value Decode: means get the actual value from the encoded value.(You can get the actual value because you have the pattern/formula for encoding but no other person can get the actual value).
Cheers!! Brij
-
N a v a n e e t h wrote:
If Ids are secured,
Can you elaborate on securing the IDs, currently they are simply integers (?CustomerID=1) in the URL
Never underestimate the power of human stupidity RAH
Mycroft Holmes wrote:
Can you elaborate on securing the IDs
Well, if you are sending secured information through URL, few things should be taken care.
- Encrypt the values and send the encrypted text. The encrypted text may have special characters and you probably have to encode it before using in URL.
- A second level of check should be performed after you receive the id. For example, you have a page that allows editing personal information of current user with a url like (
edit.aspx?id=20) where 20 is the current user's id. Since the id is clearly visible, a user can change it to 30 and edit that users personal information. So after receiving the id, you need to check whether the current user logged in has the same id specified in the URL. It is good to do this second level of checking even the values are encrypted.
After all, if you can, avoid passing secured information through URL. :)
Best wishes, Navaneeth
-
N a v a n e e t h wrote:
If Ids are secured,
Can you elaborate on securing the IDs, currently they are simply integers (?CustomerID=1) in the URL
Never underestimate the power of human stupidity RAH
-
Thank you - isn't it wonderful when you can point to one of your own articles to meet someones needs. Have 5 here and there
Never underestimate the power of human stupidity RAH
-
Thank you - isn't it wonderful when you can point to one of your own articles to meet someones needs. Have 5 here and there
Never underestimate the power of human stupidity RAH
True. It's a wonderful feeling. :)
Best wishes, Navaneeth
-
Is it reasonable to put my objects into the Session between pages. I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields. I am currently pushing these into the Session object assuming that this is quicker than a trip to the database (and will it piss off the host DiscountASP.net). What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
Never underestimate the power of human stupidity RAH
I don't know what the recommended way to do this is but I have recently had the need to cloak values not so much in post backs but in page rendering. For example I do not want anyone viewing the page source to see the id's of rendered components like buttons, divs etc and what to send back in the OnClientClick event. What I have done is to generate GUID's and assign them to the ID of the web control, these are then checked against an array of the generated GUID's, responding to a button click returns a second GUID which is the matched to assigned web control in the array, this method completely masks the original value, in your case the client ID. Note: Each time the page is loaded a new set of GUID's are generated.. I don't know if it can work for you but I think it might.
theLizard