Hiding Action method parametrs from Url while Redirecting

Question

Here I am explaining a case that we need to face several times during development.

Suppose there is a html table with data and columns with edit and delete option.

I am using inline javascript method for editing and deleting for edit and delete icon for each and every row.

<a class="fa fa-pencil xxx" title="Edit" href="javascript:;" onclick="Edit(79);" style="padding:0 2px;"></a>

Click on edit icon will open the form , user can change/edit the value and save it. Let my Edit function is something like this.

function Edit(Id) {
            window.location.href = "/FIID/edit?id="+Id;
}

My problem is that it will show the id in Url which is not accepted.

I tried with a different solution. Firstly on an ajax call I am setting the id in Session and then redirecting to the edit page.

function Edit(cellvalue) {
    $.ajax({
        url: '/FIID/SetcurrentID',
        data: { user: cellvalue },
        datatype:"json",
        success: function (data) {
            window.location.href = "/FIID/edit";
        }
    });
}

Inside SetcurrentID action method I am storing the id in Session and then using this session value on edit action method, loading respective user for editing. Thus the id is not showing in Url.

My Question is:

1. Is it a good approach ?
2. What would be the other possible solutions ?

Answer 1

The id will always be available, whether if you set it in html or as a url query string.

If your business requirement is not to identity your id, then I recommend that you encrypt it on the server before sending it to the browser. Then, when you edit, send it back to the server on your post. Remember, it will be encrypted. Then, on the server side, you can decrypt the value and use it as you need.

One choice would be RSACryptoServiceProvider, but even encrypting the ids you should validate them on the server side to avoid someone to send an id that could affect other data rater then the data you want to change.