|
Session variable VS HREF parameters...
I already use session variable in my project to set a session timeout when
the user doesn't do anything for 10 minutes. When I call other pages, I often use parameters in HREF link. I was wondering if it was better to pass parameter from page to page as session variable instead of doing it in HREF link? Thx for the hint ! |
Re: Session variable VS HREF parameters...
The first part of your message is very confusing to me, as Sessions time out
all by themselves. However, I can help you with your other question. > When I call other pages, I often use parameters in HREF link. > > I was wondering if it was better to pass parameter from page to page as > session variable instead of doing it in HREF link? You have a couple of issues here. When you pass data via URL, you are exposing it to the user, which can be a security risk, so one consideration is how sensitive the data is. If it's not sensitive, you're fine, as long as you make sure that the user can't create a parameterized URL that would cause some problem. One of the advantages of using QueryString parameters is that the user can bookmark a dynamic page, as the bookmark will have the parameters in it. As for Sessions, they can be problematic as well, since they time out after a certain interval of inactivity. As long as you make sure to handle this eventuality, Session is fine. -- HTH, Kevin Spencer ..Net Developer Microsoft MVP Big things are made up of lots of little things. "+The_Taco+" <dominic.feron@dessausoprin.com> wrote in message news:eZ2jciO7DHA.488@TK2MSFTNGP12.phx.gbl... > I already use session variable in my project to set a session timeout when > the user doesn't do anything for 10 minutes. > > When I call other pages, I often use parameters in HREF link. > > I was wondering if it was better to pass parameter from page to page as > session variable instead of doing it in HREF link? > > Thx for the hint ! > > |
Re: Session variable VS HREF parameters...
I think he means that he is using session as a crewd way to timeout a user
by setting session.timeout = 10 and checking for it on each postback. -- Regards, Alvin Bruney [ASP.NET MVP] Got tidbits? Get it here... http://tinyurl.com/3he3b "Kevin Spencer" <kevin@takempis.com> wrote in message news:%23%23MS0$O7DHA.1852@TK2MSFTNGP10.phx.gbl... > The first part of your message is very confusing to me, as Sessions time out > all by themselves. However, I can help you with your other question. > > > When I call other pages, I often use parameters in HREF link. > > > > I was wondering if it was better to pass parameter from page to page as > > session variable instead of doing it in HREF link? > > You have a couple of issues here. When you pass data via URL, you are > exposing it to the user, which can be a security risk, so one consideration > is how sensitive the data is. If it's not sensitive, you're fine, as long as > you make sure that the user can't create a parameterized URL that would > cause some problem. One of the advantages of using QueryString parameters is > that the user can bookmark a dynamic page, as the bookmark will have the > parameters in it. > > As for Sessions, they can be problematic as well, since they time out after > a certain interval of inactivity. As long as you make sure to handle this > eventuality, Session is fine. > > -- > HTH, > Kevin Spencer > .Net Developer > Microsoft MVP > Big things are made up > of lots of little things. > > > "+The_Taco+" <dominic.feron@dessausoprin.com> wrote in message > news:eZ2jciO7DHA.488@TK2MSFTNGP12.phx.gbl... > > I already use session variable in my project to set a session timeout when > > the user doesn't do anything for 10 minutes. > > > > When I call other pages, I often use parameters in HREF link. > > > > I was wondering if it was better to pass parameter from page to page as > > session variable instead of doing it in HREF link? > > > > Thx for the hint ! > > > > > > |
| All times are GMT. The time now is 08:27 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.