CODEWITHSUNDEEP
asp.netpostback
MatthewMartin
MatthewMartin

Reputation: 33143

Can a URL change on postback?

I only need to parse URL Request.Querystrings on GET, not on postback, right?

if(!IsPostBack)
{
    Viewstate["magic_number"] = Parse(Request.Query);
}

The user can't be expected to modify the URL in the Request for subsequent postbacks, or can they?

Motivation for question-- I don't control the javascript snippet that does the postback, so it's something of blackbox to me.

Upvotes: 2

Views: 2792

Answers (4)

Joel Coehoorn
Joel Coehoorn

Reputation: 415735

The URL is not expected to change. But remember that each postback is a new instance of your page class. So if you didn't save the results somewhere on the first view you need to be prepared to do it again on the next one, and so on. In this case you saved it to ViewState, and so that should be fine.

However, I suspect you wouldn't be asking the question unless you had observed behavior that led you to suspect otherwise. So let's consider for a moment what things could cause this to break:

  • It is possible to modify ViewState at the client where you saved your results (though not trivial and definitely not recommended).
  • You can fake a postback before the initial page view.
  • You can use javascript to alter the posted url.

However, for all these things you would certainly know if you have written anything to do that.

Upvotes: 2

JonnyBoats
JonnyBoats

Reputation: 5187

As others have pointed out, The URL is not expected to change. Of course if we lived in a perfect world you would never get email spam and noone would ever attempt to do anything malicious to your website.

In the real world you should expect that malicious people will attempt to hijack your website and need to be concerned with things like injection attacks

You should never make any assumptions that the data received on a postback is valid.

Upvotes: 0

Guffa
Guffa

Reputation: 700322

The URL does not normally change for a postback.

It's of course possible to use a tool like FireBug to edit the URL in the form tag before the postback, but then you probably don't want the value that the user injected anyway, but the original value.

Upvotes: 1

Vikram
Vikram

Reputation: 6877

Your assumption is correct, the URL is not expected to be modified in subequent post backs and you need to parse the query string only on the GET, which happens the first time the page is loaded.

Upvotes: 1

Related Questions