I am redirecting to a page in my asp.net application using which passes a parameter in the url.
HttpApplication app = (HttpApplication) sender;
HttpResponse response = app.Context.Response;
app.Response.Redirect("~/auth/SignOn.aspx?capath=" + capath);
Is there a way to send execution or direct to that page and pass the paremeter without showing it in the url? Thanks.
url parameters are very insecure. it is a simple string that goes visible to everyone. you should either encrypt it or use sessions. if it is an id you are passing in the url, you can use uniqueidentifier as an id.
I think the best and easiest way is to send it via Sessions.
You can't hide values sent in query string, but you can encrypt the values, if you want them not to be readable. OR Instead of simple redirection you will have look for other option to navigate to next page
if you website has distributed in many computer, you should use cookie in order to void session miss
write cookie
HttpCookie testCookie = new HttpCookie("capath");
testCookie.Value = HttpUtility.UrlEncode(capath);
Response.Cookies.Add(testCookie);
read cookie
if (Request.Cookies["capath"] != null)
{
HttpCookie getCookie = Request.Cookies.Get("capath");
}
