.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

query string or session variable or neither for this scenario?

Posted By:      Posted Date: August 30, 2010    Points: 0   Category :ASP.Net
Hello,example scenario: user login has a list of associated 'accounts' it has access to... this list of accounts is stored in a database table, say tblAccountAccessControl, something like:login, accountID-----------------------userA, account123userA, account456userA, account798userB, accountABCuserB, accountDEFetc..this info is used throughout the web application and determines the 'domain' of information the particular login has access to. For example there are many other tables that have the 'accountID' field and whenever a page pulls data from the table it only pulls data that the currently logged in user should be allowed to see, based on that tblAccountAccessControl data.the security question:1) do I need to query the database every time I need to get this list of allowed accountID's? I was about to use a plain old query string to pass a particular accountID to another page but quickly caught myself as I realized that would be a major security flaw (the receiving page was going to use that accountID to grab info from the database, and there would be nothing preventing a user from simply typing in a url manually to get data from an accountID they are not supposed to be allowed to view). So I then thought I'll just store the list of accountID's in a session state variable so they will be carried with the user throughout the sessi

View Complete Post

More Related Resource Links

How to Encrypt Query String Parameters in ASP.NET

Encrypt Query String Parameters in ASP.NET.u can send secure data one page another page u can also use query string to encrypt

How to send an email with information in query string


First I will say I googled (Binged to make Bill happy) for this but could not find anything, perhaps I am not stating what I need correctly;

I have a website that a customer creates orders (for a printing company) and after the order, I would like to email the customer a link to view the status of their order;

I need to send the CustomerID in the link so on the returning page if a CustomerID is detected in the querystring, I "auto login" the client and open the "Dashboard" for the order page for that customer.

Can anyone point me in the right direction as to how to send the link and how to parse the querystring to get the values from the link;

Thank you if you can point me in the right direction.

Session Variable issues


Hello everyone,

I ran into an issud to day with the follwoing code.  The strPanelOrder session variable is false, however, once it goes into the next if statement and sets the strTrimOrder to True, it changes the strPanelOrder session varialbe to true as well.  Why is this and how to I stop that from happening?

If Session(strPanelOrder) Is "False" Then
                If (strItemNumber.Length() = 10) And (strItemNumber.Substring(0, 2) = "FS" Or strItemNumber.Substring(0, 2) = "FC" Or strItemNumber.Substring(0, 2) = "DS" Or strItemNumber.Substring(0, 2) = "DC") Then
                    Session(strPanelOrder) = "True"
                End If
End If
If Session(strTrimOrder) Is "False" Then
               If (strItemNumber.Substring(4, 1) = "T") And (strItemNumber.Substring(0, 2) <> "AC") And (strItemNumber <> "Length") Then
                    Session(strTrimOrder) = "True"
                End If
End If


Thanks in advance for taking a look at this.



Getting URL without Query String

Is there an easy way to get the URL portion without the query string of a given URL?

E.g. http://www.abc.com/?a=b&c=d --> http://www.abc.com/

How to store and retrieve multiple values in a single session variable .


I want to store employee name,designation and department in session variable and
retrieve in another page how to do this.

adding parameter to query string


hi all,

how do i add a new parameter to an existing query string?


now i need to add a new parameter say, showsearch.

Textbox text populated by Session Variable wont update into SQL with new text


Hi everyone, I have what I think is a weird issue. I send text from one page to another via Session Variable. When page 2 loads, the text box has the session text set, but if the user changes the text and clicks the button, the SQL database is update with the original session text. If I remove the redirect from the page 2 button_Click method, then, the page refreshes with the textbox reverting to the session text and thr SQLDataSource has the session text added to it.

Why would the button click cause the textbox refresh with the text from the pageLoad before updating the data source?


Partial Class _1
    Inherits System.Web.UI.Page

    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Session("UpdateProd") = "Have some text here to send to a textbox on page 2"
    End Sub
End Class

Partial Class _2
    Inherits System.Web.UI.Page


label concentation with a string variable


I am trying to do something as simple as this in visual studio.net

double num1 = 2;

num1 = num1 * 2;

 Labe1.Text = "The result shown is" & num1.ToString();


but I keep getting the error message operator '&' cannot be applied to operands of type 'string' and 'string'

Retaining Datagrid Results using Session Variable


I have a page with 2 dropdown menus and 2 datagrids.
The datagrids get populated by a database based on a dropdown menu slection.

This page links to another page which in turn links back to the original.
If the user leaves the first page and then returns back I want to keep the dropdown menus and datagrids populated.

I tried doing this with session variables but can't get the datagrids to stay populated ...

    protected void btnSubmit_Click(object sender, EventArgs e)
        if (this.ddlName.SelectedIndex > 0)
            GridView1.Visible = true;
            GridView2.Visible = false;

            Session.Add("name", this.ddlName.SelectedValue);
            Session.Add("gridview1", GridView1.SelectedValue);

    protected void btnSubmit_Click1(object sender, EventArgs e)
        if (this.ddlLocation.SelectedIndex > 0)
            GridView2.Visible = true;
            GridView1.Visible = false;

            Session.Add("location", this.ddlLocation.SelectedValue);
            Session.Add("gridview2", GridView2.SelectedValue);

    protected override void Page_Load(object sender, EventArgs e)


Session variable in Javascript

Hi, I had tried to use a Session variable in Javascript which are placed in the Header html. but got no luck. In my Init function, I intended to read the username value from database and place it in the session variable["username"].Then the username can be utilized in the second line of code shown as below. <script type="text/javascript"> //load session variable into "username" here. Sys.Application.add_load(Init); </script> <script type="text/javascript" src="http://api.art.com/api?service=api&v=3.1.9&user=<%=(string)Session["username"]%>"></script>Here are the code inside the Init:function Init () { WebService.GetAuthentication(getAuthenticationOnSuccess, getAuthenticationOnFailed); } function getAuthentication() { WebService.GetAuthentication(getAuthenticationOnSuccess, getAuthenticationOnFailed); } function getAuthenticationOnSuccess(result, context) { if(result) { getQueryStringInfo(); } } function getAuthenticationOnFailed(error) { showError(error); } Please help.Cheers,  

Session Variable use / IsolatedStorage

I am using ASP.NET 2.0I am little bit confuse about using of Session Variable. I have a three page web application. When a user login, after verification of user credentials I get user ID from DB and store this ID in a session variable.Session("USERID") = 56by using this ID I can get 20 different values from database as User Full name, user date of birth, user location, user date of joining, User Commission rate  etc. I need some of these values in Page 1, some in page 2 and some values needed in Page 3My question is that what is the best method !01. After successfully login and getting the User ID, I take all these 20 values from Data Base and store these values in an ArrayList and store this ArrayList in a seesion and whenever I need to use any value I take these values from ArrayList which is save in Session variable.02. I only save the user ID in session variable and whenever needed any user preference data, by using this ID I run the sql query and get the data and use this.03. Can I take some benefit by using the IsolatedStorage for this purpose.

I want to encrypt the query string appearing in the URL

I want to encrypt the query string appearing in the URL when pass to other page. For Example: I have a Hyperlink column in GridView  when I click on the link, I pass a parameter to another page. This parameter should not be displayed in the URL as a true value but encrypted. Any help will be most appreciated.  If possible, please provide example. Thank you.  

session solution query

Hi, I have used this line to avoid an error of   <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false">  Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.   It works but are there side effects and what does this do? I didnt understand why i get this error and how this works.  

HTTPContext.Current.Session losing the variable sporatically

I have noticed a strange behaviour in my ASP.net 2.0 application. I have some logic in my aspx page that accesses some Session variables fine, then accesses some app_code and most of the time the HTTPContext.Current.Session returns the variable back fine.  However, I have noticed that sometimes this Session returns null, like it has lost it's "pointer" to the current HTTPContext. Is this a known bug, has anyone seen something like this before?   Any help would be appreciated, thanks, Mark. 

Pass XSL "Currently Selected" Value via Query String

Hi, I have a DVWP with an ID column, that's connected to other webparts on the page to filter their values accordingly.   I also have a "Print" button that opens a custom ASP page that's essentially a print-friendly single item data view.  How do I pass the "selected item" value to the URL when a user hits the print button? I've already set up the "ID" parameter and filters on the target page, just need to know how to get the value info from the list ID field inserted into the URL upon button click.  Thanks in advance

Duplicate URLs in Source Parameter of Query String for All SharePoint Lists

After performing a database attach method of upgrading our existing web application from MOSS 2007 to SharePoint Server 2010, all of our lists that migrated now exhibit an interesting but undesirable behavior.  The DispForm.aspx and EditForm.aspx pages that get loaded are given the Source parameter of the query string but instead of the URL being a single entry like: Source=http://sharepointsite.domain.com/Pages/Default.aspx It winds up putting the URL twice like this: Source=http://sharepointsite.domain.com/Pages/Default.aspx,http://sharepointsite.domain.com/Pages/Default.aspx Naturally this makes processing of the form -- either by choosing OK or Cancel buttons -- result in an HTTP 404 error.  The question we're left with is how in the world did the Source parameter get set that way to begin with.   It wasn't that way in 2007. We had thought that perhaps there was something that didn't migrate over correctly for the existing lists, so I tried creating a new list and then added a new item to the list.  So far so good.  Then attempted to Edit Properties or Edit Item or even View Item, etc. -- essentially triggering the load of the EditForm.aspx and DispForm.aspx  -- and we received the 404 again.  At this point we're not sure what's going on or how to fix it.  We've performed the migration three times so far with t

Pipe SQL Query function into Variable with no column headings

Hello, I don't know if I'm in the right forum but could not find one for Powershell. I need to return 1 piece of data from a sql database to a variable. I don't want the column headings. Here's what I have so far:         Function GetMenuGroup ([int]$StoreID) { $SqlConnection = New-Object System.Data.SqlClient.SqlConnection $SqlConnection.ConnectionString = "Server=Servername;Database=DatabaseName;Integrated Security=True" $SqlCmd = New-Object System.Data.SqlClient.SqlCommand $SqlCmd.CommandText = "exec storedProcedure $StoreID" $SqlCmd.Connection = $SqlConnection $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $SqlAdapter.SelectCommand = $SqlCmd $DataSet = New-Object System.Data.DataSet $SqlAdapter.Fill($DataSet)|out-null $SqlConnection.Close() $DataSet.Tables[0] } $MG=Getdata 2 |out-string Here's the results I get now - How do I return just "DatathatIreallyWant" in a string variable? I don't want the column or underline. ColumnName ------------- DataThatIreallyWant   Thank you, MG2
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend