How to hide parameters from querystring (url) ASP.NET

Question

I'm trying to hide the parameters from the querystrings in my web application. I have been able to do that by using the session to store temporary variables. So it would work like this:

1. Click the view profile button:

href="@Url.Action("RedirectWithId", "Redirect", new { act = "ProfileView", ctrl = "User", id = member.Id})"

2. Calls the redirection method and stores the temp data:

public class RedirectController : Controller
{
    public ActionResult RedirectWithId(string act, string ctrl, int id)
    {
        Session["temp_data"] = id;
        return RedirectToAction(act, ctrl);
    }
}

3. Use it in the action method without the parameter:

public ActionResult ProfileView()
    {
        if (Session["temp_data"] == null)
        {
            return Redirect(Request.UrlReferrer.ToString());
        }

        int id = (int)Session["temp_data"];
        var model = GetUserById(id);

        return View(model);
    }

So it works just fine, however, this way to hide parameters doesn't handle the case where let's say I go to a first profile(id 4), and then go to a second one(id 8). If from the second profile I press the back button on the navigator trying to go back to the first profile(id 4), I'm going to be redirected to the current profile(id 8), since 8 is the current value of the Session["temp_data"].

Is there a way to handle this perticular case? Or is the another totally different and better way to hide parameters in the URL?

Thank you!

Answer 1

I came to the conclusion that since I am already using authorizations and roles within my application, I don't need to always hide the parameters. I can simply hide whenever I am passing a complex object as a parameter.

Answer 2

You can try this instead of Session

TempData["temp_data"]