1

This code is used to send user id to a login page, and will validate the user and redirect to this link. However, sometimes I can see login page and id for a second before user detail page display. This is fine, but I want to hide id in URL. 

var url="http://companyABC.com/login.aspx?id='123'";
var sb = new StringBuilder();
sb.Append("<script type = 'text/javascript'>");
sb.Append("window.open('");
sb.Append(url);
sb.Append("');");
sb.Append("</script>");

this.ClientScript.RegisterStartupScript(this.GetType(), "script", sb.ToString());
Termininja
  • 6,620
  • 12
  • 48
  • 49
seagull
  • 237
  • 1
  • 7
  • 19
  • 5
    Anyone hell-bent on getting that information won't actually need to *see it* as their code will grab the url anyway. If your security relies on a user not seeing this url, then you need to rethink your entire design. – Moo-Juice Jan 16 '14 at 18:54
  • Well, just don't put parameters in the query string... it isn't THAT drastic of a change – Nick Jan 16 '14 at 18:54
  • Okay, can you confirm, that your actual problem is, that the redirect takes too long after you opened a popup window? Your posted code is a bit confusing. – Dio F Jan 16 '14 at 18:55

1 Answers1

3

window.open uses a GET request. If you want to hide the query string in the URL, you need to use POST to deliver the ID in the body of the request instead of the query string. There's already an SO post on how to do that.

You should also consider brushing up on your understanding of web technologies. http://www.w3schools.com/tags/ref_httpmethods.asp

Community
  • 1
  • 1
akousmata
  • 1,005
  • 14
  • 34