1

This code is used to send user id to a login page, and will validate the user and redirect to this link. However, sometimes I can see login page and id for a second before user detail page display. This is fine, but I want to hide id in URL. 

var url="http://companyABC.com/login.aspx?id='123'";
var sb = new StringBuilder();
sb.Append("<script type = 'text/javascript'>");
sb.Append("window.open('");
sb.Append(url);
sb.Append("');");
sb.Append("</script>");

this.ClientScript.RegisterStartupScript(this.GetType(), "script", sb.ToString());
Improve this question
3
  • 5
    Anyone hell-bent on getting that information won't actually need to see it as their code will grab the url anyway. If your security relies on a user not seeing this url, then you need to rethink your entire design. Commented Jan 16, 2014 at 18:54
  • Well, just don't put parameters in the query string... it isn't THAT drastic of a change Commented Jan 16, 2014 at 18:54
  • Okay, can you confirm, that your actual problem is, that the redirect takes too long after you opened a popup window? Your posted code is a bit confusing. Commented Jan 16, 2014 at 18:55

1 Answer 1

Reset to default
4

window.open uses a GET request. If you want to hide the query string in the URL, you need to use POST to deliver the ID in the body of the request instead of the query string. There's already an SO post on how to do that.

You should also consider brushing up on your understanding of web technologies. http://www.w3schools.com/tags/ref_httpmethods.asp

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.