Passing value from one page to another.

XPLR
XPLR used Ask the Experts™
on
I am trying to pass set of information from one apge to another. Which is a better approach the query string or the session variable? And why.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
It just depends on the type and size of the data being passed.

Small information, one page to another, use querystring. Othewise use session variables.

Also, session variables will be available from any page until it is killed or expired.
QueryStrings are used to pass values from just one page to another.

Top Expert 2009
Commented:
In addition to what rick says, the session can be used for security.

There are times when you may want to use variables without passing them to the client, a trust issue. You may not want the client to know or have control to change certain variables, so you'd keep them in the session.

Anything you pass in the query string or in a form post is then in complete control of the client and could be modified.
Commented:
Depends on the data but generally I use the query string.  In a master/detail type application it's very common to edit a detail record from a list, where the list passes the id of the record to edit to the detail page via the query string.  This is simple and clean.   However if the data passed is complex beyond a couple of fields, then session is a quick option.  However there's a number of things to consider with session variables.

1. Less scalable - the more memory each session takes the fewer users a server or cluster can support.  This isn't to say you should avoid session altogether as it is very useful and I've seen one to many convoluted cookie based solutions.  But it's something to keep in mind before you drop a meg worth of data per user into session.
2. Difficulties in browser navigation.  So if you save data to session to be consumed by another page, what happens if the user ctrl-n's to open a new browser window for the same page?  What if you need to support a user hitting the page directly?  For example, if the second page clears the data from session, a new window will get an error instead.
3. Load balancing problems - if you're publishing to a load balancer you need to set a session affinity or "sticky session" so that a user always goes to the same server.  For example user logs in thru server A but the load balancer directs the user's next request to server B wich has no knowledge of the log in.  Most load balancers do support this and when they don't a dedicated state server is an option.

All that said, I use session variables all the time, but I try to keep those variables relative to the session.  Using session as sort of a global temporary store I try to avoid mostly for #2 above.
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

Commented:
As to the issue with url tampering, i generally use a hash function and append it's digest to the url to confirm against (like a checksum).  However, this was only needed in apps where a security check couldn't be done on the destination page.  Do you have an example of such secure data mrjoltcola?
Session variable is more secure way to send data across pages. As user cannot see the actual values as in case of query string. When you have large amount of data you should prefer passing it via a Session variable coz its much flexible and robust and vice versa. two ways of creating Session variables are :  
//1st way..
Session.Add("Key","Value");

//2nd way..
Session["Key"] = "Value";

Open in new window

Here Key must be a string qualifier for the Session variable i.e name of the variable. And Value part is actually of object type which can store any of the two value or reference type. In the above case I have used a String type with value as "Value".
Another way is by using Cross Page Postbacks.. You need to set the PostBackUrl Property of the button control that will trigger the postback of data to another page,.. like so :
button1.PostBackUrl = "~/Default2.aspx"; // Next page's url

Open in new window

Then in the next page i.e. Default2.aspx in the load event..
protected void Page_Load(object sender,EventArgs e)
{
      if(Page.PreviousPage.IsPostBack)
      {
            TextBox tb = (TextBox)Page.PreviousPage.FindControl("textBox1");

            Response.Write(tb.Text); 
      }
}

Open in new window

The above example assumes that you have a TextBox Control (textBox1) in your first page i.e Default.aspx the value of which you need to send to second page. i.e Default2.aspx
Hello, with the use of session variable it more helpful than the query string, Because you have to easily pass the value with the session variable.
Commented:
I would still like an example of "more secure" since now two people have mentioned it.  I understand that this data is only available on the server, but that begs the question on why it even needs to be passed at all?  Data that is retreived as a function of the calling page and passed to the called page could simply be retreived as a function of the the called page.

For example, I wouldn't pass the user's password hash from ViewUser.aspx to ChangePassword.aspx.  I would just pass the user id to ChangePassword.aspx and let it retreive the user's password hash.

I'm not trying to be difficult nor am I saying that a genuine senario doesn't exist, but I want to make sure the OP is correctly informed.  Yes session data is not accessible to the client, but in the context of inter-page communication, I don't want "more secure" to lead to bad design decisions.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial