passing state

[Mark]

hi,
how can i pass state for each user through pages without using
session,cookies,hidden form fields,querystring or database, which knowledge
base article 175167 refers? i don't want to build a form with hidden fields
and get it posted on the client. it seems possible using server variables,
response.addheader method, but how can i use it?
thanks

 

[Ray at]

You pretty much named all the ways to carry things from page to page. Why
are you opposed to all of them?

Ray at work

 

[Mark]

i think, form posting is an awkward approach, if you don't have cookies
sessions won't work, querystring reveals everything about your application
and it seems also awkward and amateurish to me that users may trick the
application by manipulating the querystring, and database approach is the
arduous way for me because i just want to pass state from page to page thus
it will be cumbersome and unneccessary to maintain a database just for this
purpose. i am wondering if its possible by using http headers?
thanks

 

[Tim Slattery]

i think, form posting is an awkward approach, if you don't have cookies
sessions won't work, querystring reveals everything about your application
and it seems also awkward and amateurish to me that users may trick the
application by manipulating the querystring, and database approach is the
arduous way for me because i just want to pass state from page to page thus
it will be cumbersome and unneccessary to maintain a database just for this
purpose. i am wondering if its possible by using http headers?

How do you think cookies are implemented? The web server and client
use a special header to pass the cookie values back and forth. So
looking for some other header solution isn't buying you anything at
all.

 

[Dave Anderson]

i think, form posting is an awkward approach, if you don't have
cookies sessions won't work, querystring reveals everything about
your application and it seems also awkward and amateurish to me that
users may trick the application by manipulating the querystring, and
database approach is the arduous way for me because i just want to
pass state from page to page thus it will be cumbersome and
unneccessary to maintain a database just for this purpose. i am
wondering if its possible by using http headers?

Absolutely. Cookies and forms (methodOST) use http headers. Otherwise, no.
I see nothing wrong with requiring users to have cookies enabled -- session
cookies at the very least -- in order to do something more than casual
browsing.

As for manipulating the querystring, the DB approach allows you to abstract
the QS data from the state information you are passing around. Consider what
Amazon does to the following URL when you follow this link (for possibly the
most useless thing ever conceived):
http://www.amazon.com/exec/obidos/tg/detail/-/B00009XFX4/



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Brynn]

Agreed ... I have to say that I have seen MANY cases where people
think that sessions should be used instead of cookies ... only reason
being that they can turn cookies off...

How many of these users that are turning there cookies off are going
to click that little box to allow something called "Session Cookies"
to stay on ... they don't know what those are ... so if it isn't a
security issue, go a step further and use cookies instead of sessions.

Mostly on topic ... just a gripe. I have cleaned up projects that have
used sessions with shopping carts and destroyed their performance ...
anyway ... done with my rant.

Forms can be hard to use ... they assume, a little too much, that the
user is going to browse forward through the website ... I have used
this technique, but not for long trips ... especially not site long
trips.

Brynn
www.coolpier.com

There is also always using an encrypted querystring ... but I would
still rather have my screen popup that says "Error: Cookies must be on
for this feature to work."

How do you think cookies are implemented? The web server and client
use a special header to pass the cookie values back and forth. So
looking for some other header solution isn't buying you anything at
all.

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com