Hide Query String in URL

Question

Is there possible to Hide Query String from URL??

I planned to go for session Variable.. but it works only for a limited time.

my URL and Query strings are

Default.aspx?a=b&c=D

I need as Default.aspx

I tried for encryption and Decryption.. but the values can be changed in address bar.

Answer 1

If security is your concern then security by obscurity is not the best way. Sending the data by POST doesn't solve the problem either unless you use some kind of encryption.

You could just as easily encrypt the URL btw. Using the Session is not recommended since it puts extra load on the server.

Cookies can potentially affect performance.

If you are only concerned about security then encrypting the Query string is an option.

Answer 2

Ganesh,

You have to understand what a URL is,

A URL is an address that enable access to a resource on the internet.

So we shouldn't hide anything in the URL, because it's like saying someone "Go to the 127th John Street, London" and you don't want him to try to go to the 126 (because he's not allowed to)!

Why would you want to hide an url parameter ? Most of the time because your user must have the correct privilege to access a resource, so here your solution would be :

• store the user id in the session, and when a user try to access to the ressource check that he's got the mandatory privilege

• Or make your product ID something else than integer (or add a column in your DB "ProductIDUrl") like a guid , so no one can guess the product id.

Answer 3

I don't use .NET, but you could use POST instead GET.

Answer 4

Use URL rewriting or URL Routing to do this....

Answer 5

If session variables are not good for you, try storing values in cookies.

Answer 6

Use POST action on your Form rather than GET. Values will still be able to be changed though, they just won't be visible on your URI