|
Is it reasonable to put my objects into the Session between pages. I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields. I am currently pushing these into the Session object assuming that this is quicker than a trip to the database (and will it piss off the host DiscountASP.net).
What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Transferring id values is OK so long as they are secured otherwise, ie if you use id=7 a user can't type id=8 and get that id unless they have permission. Often you can use post parameters to "hide" the information from the user but the security still needs to exist.
While it is very reasonable to put some objects in Session I prefer hitting the db and having completely stateless ASP.NET applications. Any host that doesn't want you using their DB has problems.
Also, one pattern I use when using Session is to have a SessionManager class and I require that all access to properties in the Session be from that class. That way it is easy to see what is in the Session and Where, etc.
|
|
|
|
|
Mycroft Holmes wrote: I have reduced my objects to fairly small size with no lists or collections, generally between 4 and 10 fields.
Looks fine to me. Make sure you remove them once you are done and your session don't have huge timeout limits. Performance will impact badly only when site has got huge traffic. In all other cases, it should be fine.
Mycroft Holmes wrote: What is the recommended method of transferring IDs between pages, I am currently using the URL but I know this is not good as it exposes details about the system that should not be exposed
If Ids are secured, don't pass it through URL. If not, passing through URL is fine. It will produce hackable URLs and hackable URLs are very helpful.
Best wishes,
Navaneeth
|
|
|
|
|
N a v a n e e t h wrote: If Ids are secured,
Can you elaborate on securing the IDs, currently they are simply integers (?CustomerID=1) in the URL
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Mycroft Holmes wrote: Can you elaborate on securing the IDs
Well, if you are sending secured information through URL, few things should be taken care.
- Encrypt the values and send the encrypted text. The encrypted text may have special characters and you probably have to encode it before using in URL.
- A second level of check should be performed after you receive the id. For example, you have a page that allows editing personal information of current user with a url like (
edit.aspx?id=20 ) where 20 is the current user's id. Since the id is clearly visible, a user can change it to 30 and edit that users personal information. So after receiving the id, you need to check whether the current user logged in has the same id specified in the URL. It is good to do this second level of checking even the values are encrypted. After all, if you can, avoid passing secured information through URL.
Best wishes,
Navaneeth
|
|
|
|
|
And this[^] article has some explanations too.
Best wishes,
Navaneeth
|
|
|
|
|
Thank you - isn't it wonderful when you can point to one of your own articles to meet someones needs. Have 5 here and there
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
True. It's a wonderful feeling.
Best wishes,
Navaneeth
|
|
|
|
|
Analyse the data what you can put in Cache or in Session.If there is some global data that is common for all users,put it in Cache and put Data which is specific to user those put it in Session only.It will improve the performance.
When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Cheers!!
Brij
|
|
|
|
|
Brij wrote: When passing IDs through URL,encode it and decode it at the recieving end and validate it.
Can you define encode/decode in its simplest form please
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Encode: means you are changing the actual value to different value using some pattern/value
Decode: means get the actual value from the encoded value.(You can get the actual value because you have the pattern/formula for encoding but no other person can get the actual value).
Cheers!!
Brij
|
|
|
|
|
Session is good if there is less data. As Session creates separately for each user. In your case this is fine if you are going to store few field in session.
Abhijit Jana | Codeproject MVP
Web Site : abhijitjana.net
Don't forget to click "Good Answer" on the post(s) that helped you.
|
|
|
|
|
I don't know what the recommended way to do this is but I have recently had the need to cloak values not so much in post backs but in page rendering.
For example I do not want anyone viewing the page source to see the id's of rendered components like buttons, divs etc and what to send back in the OnClientClick event.
What I have done is to generate GUID's and assign them to the ID of the web control, these are then checked against an array of the generated GUID's, responding to a button click returns a second GUID which is the matched to assigned web control in the array, this method completely masks the original value, in your case the client ID.
Note: Each time the page is loaded a new set of GUID's are generated..
I don't know if it can work for you but I think it might.
theLizard
|
|
|
|
|
Hi,
How can I filter two different datatables in a single datatable?
like consider I have following two datatables
DataTable A DataTable B
PID | CID CID | FID
1 | 1 1 | 1
2 | 2 4 | 8
4 | 16 16 | 32
So after filtering I can have a output like
DataTable C
PID | FID
1 | 1
4 | 32
So in my filtered dattable I can have only matching results of datatable A and Datatable C?
How can I do this using .Net datatable?
Rock Star
|
|
|
|
|
This isn't an ASP.NET question, its a database question. You're best bet would be to construct the query to return the results appropriately.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I think he is asking to manipulate Application end DataTable, not Database tables.
|
|
|
|
|
I realize he is asking for that but it would be more effecient to do it at the database level.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Ok... No big deal buddy..
|
|
|
|
|
You need to recreate the new DataTable.
Create Column using
<br />
DataTable.Columns.Add(new DataColumn()
To add a column
To add a new Row use
DataTable.NewRow()
then add the row as
DataTable.Rows.Add
|
|
|
|
|
But I want only matching column of datatable A and datatable B in datatable C
How can I do that?
Rock Star
|
|
|
|
|
Copy all DataTable to arrays, manipulate or filtering and create new DataTable
|
|
|
|
|
I was thinking of using select method. Is there any example for selecting data from two different datatables?
Rock Star
|
|
|
|
|
If you are using dotNetFramework 3.5 using Linq would be the easiest way
|
|
|
|
|
Use the SQL sentence:
SELECT A.PID,B.FID FROM A,B WHERE A.CID=B.CID,
write it in Visual Studio or Procedure
April
Comm100 - Leading Live Chat Software Provider
modified 27-May-14 8:53am.
|
|
|
|
|
???Do you want to get a datatable??
StringBuilder strSQL= new StringBuilder("select A.* from A a inner join B on A.CID = B.CID");
SqlCommand cmd = new SqlCommand(strSQL.ToString(), conn, transaction);
DataTable C= new DataTable();
C.Load(cmd.ExecuteReader(), LoadOption.Upsert);
April
Comm100 - Leading Live Chat Software Provider
modified 27-May-14 8:53am.
|
|
|
|