View Full Version : Secure the website using hash keys and sid
BarrMan
10-01-2007, 05:03 PM
Hey.
I've seen many sites using variables such as hash key and sid which contain a numerous sequence of letters which appear in a random order.
1. sID: I assume that is the Session ID, but why pass it through the querystring if it is already stored in the SessionID?
2. What is the usage of the hash key in the querystring?
3. When referring to a page, why make another variable in the querystring that contains a random number?
4. In ASP.NET the information is passed by forms and usually uses the post method. This can be a bit annoying when refreshing a page because the browser always asks if I want to proceed with the page because the information is passed by a form.
My question is:
Is there a way to prevent the browser from asking this question every time I refresh the site other than just using the method get?
Thanks to the helpers.
chump2877
10-03-2007, 02:27 AM
Is there a way to prevent the browser from asking this question every time I refresh the site other than just using the method get?
Well, I'm more fluent in languages other than ASP.NET, but here's my guess:
Likely the cause of this is because the current page is actually the recipient of POST information from another page (via cross-page posting)...
So there must be a way to clear the POST information of the current page on subsequent page refreshes (I assume you are refreshing the page using something other than a form, otherwise the POST would be replaced).....Either by manipulating some global server variable or possibly fiddling with the HTTP headers of the page...
As an alternative to cross-page posting, and perhaps preferable (because you don't have to store data in either GET or POST between different pages), you can save all of your form data in a Session object (on post back to the same page) and use Response.Redirect() to navigate to the "receiving" page...On the "receiving page", you can then retrieve your form data from the Session object and do whatever you want with it...
BarrMan
10-03-2007, 10:49 AM
That should work. However, I'm wondering whether it's efficient.
I realize I can just use a function that automatically converts every element in the form to a session but won't it use many resources of the server? Doesn't it overload on the server to use such function and then redirect the same page?
Thanks!
chump2877
10-03-2007, 01:18 PM
That should work. However, I'm wondering whether it's efficient.
I realize I can just use a function that automatically converts every element in the form to a session but won't it use many resources of the server? Doesn't it overload on the server to use such function and then redirect the same page?
From what I've learned, the performance hit for using Sessions versus POST/GET is negligible...And your data is far more secure in transmission using sessions as opposed to GET/POST...
When you use Sessions, you don't need to use a special function to convert your data into an acceptable format....You only need to assign POST data to the Session object like so:
Session["key"] = varName;
On the "receiving page", if varName is an integer (for example), then you only need to cast the Session value to the proper type to manipulate it:
int varName = (int)Session["key"];
Also, redirecting the page requires almost zero server resources....
Finally, Sessions are enabled by default in ASP.NET, so if you're really worried about wasting resources, you might start by disabling sessions on the pages where you don't use them...But again, honestly, I don't think you will see a significant boost in performance of your app by doing this....
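The Session-plus-Response.Redirect approach described in the reply above, written out as an added example (this is not code from the thread or from any of the posters). Control names (txtName, txtAge, lblError, lblResult), page names (Input.aspx, Result.aspx) and the session keys are assumptions; each partial class would normally sit in its own code-behind file.

```csharp
// Added example: Post/Redirect/Get with Session in ASP.NET Web Forms code-behind.
// Control and page names are hypothetical.
using System;
using System.Web;
using System.Web.UI;

public partial class Input : Page
{
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // Validate server-side before anything is stored; posted values are untrusted.
        int age;
        if (!int.TryParse(txtAge.Text, out age) || age < 0 || age > 150)
        {
            lblError.Text = "Age must be a whole number between 0 and 150.";
            return;
        }

        // Keep the data on the server in Session instead of in GET or POST.
        Session["Name"] = txtName.Text;
        Session["Age"] = age;

        // 302 to the receiving page. The browser's last request for Result.aspx is
        // then a GET, so pressing refresh there does not re-submit the form and the
        // "resend form data?" prompt goes away.
        Response.Redirect("Result.aspx");
    }
}

public partial class Result : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string name = Session["Name"] as string;
        object ageBoxed = Session["Age"];
        if (name == null || ageBoxed == null)
        {
            // Arrived directly, or refreshed after the data was consumed: nothing to show.
            Response.Redirect("Input.aspx");
            return;
        }
        int age = (int)ageBoxed;   // cast back to the type that was stored

        // One-shot data: clear it so a later refresh cannot replay the old submission.
        Session.Remove("Name");
        Session.Remove("Age");

        // HTML-encode anything user-supplied before writing it into the page.
        lblResult.Text = HttpUtility.HtmlEncode(name) + " is " + age + " years old.";
    }
}
```

The redirect is what removes the refresh prompt: the browser's history entry for the result page is a GET, not the POST. Removing the session keys after reading them is the part most people skip; without it, a refresh of the result page silently shows the previous submission again.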
BarrMan
10-03-2007, 04:16 PM
Ok. Thanks a lot! I'll try that!
So now my questions are:
1. sID: I assume that is the Session ID, but why pass it through the querystring if it is already stored in the SessionID?
2. What is the usage of the hash key in the querystring?
3. When referring to a page, why make another variable in the querystring that contains a random number?
Freon22
10-03-2007, 04:28 PM
If you are wanting to do a cross page post back, here is a good article to read. It explains the different methods that you can use. It is also written in C#; there are some other ways of exposing a control value from one page to another page.
Anyway, here is a link to an article:
http://www.devx.com/dotnet/Article/33835
Here is another article on exposing a control value to another page.
http://www.dotnetbips.com/articles/displayarticledetails.aspx?articleid=79
Public ReadOnly Property Name() As String
    Get
        Return TextBox1.Text
    End Get
End Property
Freon22
10-03-2007, 04:58 PM
So now my questions are:
1. sID: I assume that is the Session ID, but why pass it through the querystring if it is already stored in the SessionID?
2. What is the usage of the hash key in the querystring?
3. When referring to a page, why make another variable in the querystring that contains a random number?
Most of your questions should be directed to the coder of the website in question. But I can think of a few reasons why I would want to use a hash code in my querystring. If I have a site that requires a login, I can create a random hash, put it in the querystring and also place it in the database or session. As you move from page to page I will know it is you. I can check your querystring and compare it with the value that I placed in the database or in your session.
It is easy to hash any value using SHA1, SHA256, SHA384, SHA512, or MD5. You can then add a random salt value or a static value to it. I know one site that on every link has an MD5 hash in his querystring. Every time you refresh his page every link's hash value is changed. The main reason he does this is to be able to tell if someone clicks the back button.
So you can see that only the coder of the site in question can tell you why he/she is pulling a hash value in their querystring. As far as the browser refresh, I am not sure if there is anything you can disable to stop the message.
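An added example (not code from the thread or from any site mentioned in it) of the two mechanisms Freon22 describes: a random token issued at login, kept in Session and compared against the copy in the querystring, and a "hash key" over the querystring values that lets the server detect a tampered link. The key material, the parameter names (sid, userId, ts, sig) and the 30-minute lifetime are assumptions. A keyed HMAC is used rather than a bare MD5 or SHA digest, because a plain digest of visible values can be recomputed by anyone who sees the link.

```csharp
// Added example: per-login session token plus HMAC-signed querystring values.
// Key, parameter names and lifetime are hypothetical.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.SessionState;

public static class LinkSecurity
{
    // Hypothetical key. Load it from configuration in real code; never hard-code it.
    private static readonly byte[] HmacKey =
        Encoding.UTF8.GetBytes("replace-with-a-long-random-secret-from-config");

    // (1) Issue a fresh random token at login and remember it server-side.
    public static string IssueSessionToken(HttpSessionState session)
    {
        byte[] raw = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(raw);   // cryptographic randomness, not Random()
        string token = Convert.ToBase64String(raw);
        session["sid"] = token;
        return token;
    }

    // (1) On each request, compare the querystring copy with the stored one.
    public static bool SessionTokenMatches(HttpRequest request, HttpSessionState session)
    {
        string stored = session["sid"] as string;
        string given = request.QueryString["sid"];
        return stored != null && given != null && FixedTimeEquals(stored, given);
    }

    // (2) Build "userId=42&ts=<utc ticks>&sig=<hmac>"; sig covers both userId and ts.
    public static string SignedQuery(int userId)
    {
        string payload = "userId=" + userId + "&ts=" + DateTime.UtcNow.Ticks;
        return payload + "&sig=" + HttpUtility.UrlEncode(Mac(payload));
    }

    // (2) Recompute the MAC over the received values; reject if it differs or is stale.
    public static bool VerifySignedQuery(HttpRequest request, out int userId)
    {
        userId = 0;
        string id = request.QueryString["userId"];
        string ts = request.QueryString["ts"];
        string sig = request.QueryString["sig"];   // ASP.NET has already URL-decoded this
        if (id == null || ts == null || sig == null) return false;

        // Any change to userId or ts changes the expected MAC.
        if (!FixedTimeEquals(Mac("userId=" + id + "&ts=" + ts), sig)) return false;

        long ticks;
        if (!long.TryParse(ts, out ticks) || ticks < 0 || ticks > DateTime.MaxValue.Ticks) return false;
        DateTime issued = new DateTime(ticks, DateTimeKind.Utc);
        if (DateTime.UtcNow - issued > TimeSpan.FromMinutes(30)) return false;   // replay window

        return int.TryParse(id, out userId);
    }

    // Keyed hash: unlike a plain MD5/SHA digest, it cannot be recomputed without the key.
    private static string Mac(string data)
    {
        using (HMACSHA256 hmac = new HMACSHA256(HmacKey))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    // Constant-time comparison so the check does not leak how many leading chars matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Two caveats worth keeping in mind when reading the code: the signature only proves that this server produced the values, not that the person presenting the link is the one it was issued to; and anything in the querystring ends up in server logs, browser history and Referer headers, so a token carried this way needs HTTPS at minimum, and a cookie-based session is usually the better place for it.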
BarrMan
10-05-2007, 09:02 PM
Thanks! That's a very good reason.
Now for my other questions:
3. When referring to a page, why make another variable in the querystring that contains a random number?
Explanation:
If I want to retrieve a page using AJAX I usually add a variable to the querystring like: Default.aspx?q=0965167918345.
I heard it has something to do with the page cache but I have no idea what cache means and how does it help?
My assumption:
Cache is something that remembers your page. So let's say you have the main page. If you visit the main page again and it detects the same url as before, it doesn't check certain information and just automatically shows the previous information it remembers about it. (Of course the cache is saved within the browser's files.)
So when referring to a page using an AJAX function you need to use a different link on each to have the results different and not read from the previous link's memory?
Thanks again.
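The random q= value works because the browser keys its cache on the full URL, so a URL it has never seen is always fetched fresh. The cleaner fix is for the server to say the response must not be cached, which is what the added example below does (this is not code from the thread). The handler name, the .ashx registration and the JSON payload are assumptions.

```csharp
// Added example: an ASP.NET handler for AJAX calls whose response must never be served
// from the browser cache, so the caller does not need a random "q=" parameter.
// Register it by creating LiveData.ashx containing:
//   <%@ WebHandler Language="C#" Class="LiveDataHandler" %>
// (file name and class name are hypothetical).
using System;
using System.Web;

public class LiveDataHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;

        // Tell the browser and any intermediate proxy not to store or reuse this response.
        // Resulting headers: Cache-Control: no-cache, no-store; Pragma: no-cache; Expires in the past.
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Cache.SetNoStore();
        response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));

        // A payload that changes on every call; a cached copy would be wrong immediately.
        response.ContentType = "application/json";
        response.Write("{\"serverTime\":\"" + DateTime.UtcNow.ToString("o") + "\"}");
    }
}
```

With these headers in place the AJAX code can request /LiveData.ashx with a fixed URL. The header approach also covers proxies and shared caches between the browser and the server, which a random querystring value does not reliably do.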
chump2877
10-06-2007, 12:34 AM
You should really avoid passing any kind of important or sensitive information in a URL's query string. It is perhaps the least secure way to transmit data. And if you are hashing something in the query string, that tells me that you should probably be transmitting that data in a more secure way. Try using POST, Sessions, or a database/data file instead (listed in order, from least secure to most secure) to transmit your sensitive data (across the pages of a web site or app).
Explanation of caching: http://en.wikipedia.org/wiki/Cache
BarrMan
10-07-2007, 12:51 PM
Thanks chump! But my question was why do people do that. I don't actually use these methods. I'm just looking for some kind of explanation.
The explanation freon provided me makes sense on the sID and the random sequence of letters. But the hash key idea is still not clear to me.
Freon22
10-07-2007, 07:37 PM
Hi BarrMan,
Maybe some code will help; this link has some good reading. You may also think that hey, anything you put into a querystring you can also put into a session or cookie. Thinking this is right, but if your site is hosted on a shared site with web farms like most are, then you can not trust sessions because as the server frontend loads change they will switch you from one server to another. When they do, all your sessions are lost; guess you've got to use cookies :-).
Anyway, here is some good reading.
http://dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
http://dotnetjunkies.com/Article/3ABCD244-CC7C-4CED-B64E-BCF05191CDAB.dcik
http://www.codeproject.com/aspnet/PassThroughSecurity.asp
BarrMan
10-08-2007, 11:54 AM
Thanks very very very much! These sites helped me a lot!