You have many options for passing data and all of them can pass multiple values between pages.
You can use the Request.Form collection to capture values that have been submitted from an HTML form with the POST verb (i.e. <form ... method="POST">).
The code looks something like:
Dim formvalue As String
formValue = Request.Form("FormField1")
You can also use parameters in a URL query string (much like your example):
Dim queryStringValue As String
queryStringValue = Request.QueryString("QueryStringValue1")
You can set a cookie (its lifetime will depend on the Expiry property value that you set):
Setting a cookie (note: you use the HttpResponse object here. The user's browser stores the cookie when it receives the Set-Cookie HTTP header value from the response to a request):
Response.Cookies("CookieValue").Value = "My Cookie Data" ' the indexer returns an HttpCookie, so assign to .Value
Response.Cookies("CookieValue").Expires = DateTime.Now.AddDays(1) ' optional, expires tomorrow
Retrieving a cookie value (we use the HttpRequest object here):
Dim cookieValue As String
cookieValue = Request.Cookies("CookieValue").Value ' read the string from the HttpCookie
You can use the HttpSessionState object (accessible via the Session property of a page). To set a session variable:
Session("SessionValue") = "My Session Value"
To retrieve a session value:
Dim sessionValue As String
sessionValue = CStr(Session("SessionValue")) ' Session stores Object, so convert back to String
There's another way to pass page state between pages using Page.Transfer
(see How to: Pass Values Between ASP.NET Web Pages), but I'd try and get comfortable with the above before looking into that.
As far as best practices go it really depends on what data you're passing.
- Don't pass sensitive data via URLs (query strings), forms or cookies. These can be intercepted in various ways.
- Pass sensitive data using a server-side store (like session state or a database) but consider how to keep the session ID safe.
- Never trust data from outside your application (data that users have entered via a form, information read from a database, etc.). Always encode this information before displaying it again in your pages. This protects against Cross-Site Scripting (a.k.a. XSS) attacks.
- Don't use sequential IDs in query strings where you're passing user-specific identifiers between pages. Say you create an Orders.aspx page that lists all orders for a customer. You pass in a CustID parameter via a query string: Orders.aspx?CustID=123. It's easy for someone to change the URL to Orders.aspx?CustID=124 and view information they shouldn't. You can get around this by checking that the current user is allowed to see the information, by using an identifier that can't be easily guessed (commonly a GUID), or by passing the information on the server side.
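
The ownership check from the last point above, together with the output encoding from the third, as an added VB.NET example that is not part of the original answer. `RenderOrders`, the in-memory `Orders` table and the sample values are constructed for illustration; in a real page the two arguments would come from `Request.QueryString("CustID")` and from a customer ID placed in `Session` at login.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net

Module OrdersAccessCheck
    ' Constructed sample data keyed by customer ID; a real page would query a database.
    Private ReadOnly Orders As New Dictionary(Of Integer, String()) From {
        {123, New String() {"Widget", "<i>rush</i> delivery"}},
        {124, New String() {"Gadget"}}
    }

    ' rawCustId: the untrusted query-string value.
    ' sessionCustId: the customer ID held server-side for the logged-in user.
    ' Returns the HTML to render, or Nothing when the request must be refused.
    Function RenderOrders(rawCustId As String, sessionCustId As Integer) As String
        Dim requested As Integer
        ' Refuse missing or non-numeric input instead of passing it on.
        If Not Integer.TryParse(rawCustId, requested) Then Return Nothing
        ' Authorization: the URL says whose orders are wanted, the session says who is asking.
        If requested <> sessionCustId Then Return Nothing

        Dim items As String() = Nothing
        If Not Orders.TryGetValue(requested, items) Then Return "<ul></ul>"

        Dim html As String = "<ul>"
        For Each item As String In items
            ' Encode stored data before writing it into the page.
            html &= "<li>" & WebUtility.HtmlEncode(item) & "</li>"
        Next
        Return html & "</ul>"
    End Function

    Sub Main()
        ' Customer 123 requests their own orders: allowed, markup in the data is encoded.
        Console.WriteLine(RenderOrders("123", 123))
        ' The same user edits the URL to CustID=124: refused.
        Console.WriteLine(If(RenderOrders("124", 123), "refused"))
        ' Non-numeric parameter: refused.
        Console.WriteLine(If(RenderOrders("abc", 123), "refused"))
    End Sub
End Module
```

In a page, a `Nothing` result would translate into an error response (for example setting `Response.StatusCode`) rather than rendering anything.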