0

So I'm wondering, what are the pro's & cons of the various ways to pass data between pages in your project.

I know of:

  1. Sessions: I can't use this because my project needs to be deployed on something like Azure, sessions aren't good for multi-server deployment.
  2. Passing parameters between the various actionresults: This works good, but it can be very tedious to do this...
  3. Cookies: I was planning to use this for my project, but I have read that this isn't the best practice?

So I'm wondering what technique you guys are using (and why), so I can make a decision on what technique I will use.

For example: my user is logged in and for several ActionResults I need the UserId to access the userRepository, what is the best way to do this. Or maybe there is even a good way to hold the user as an object (then I wouldn't have to acces the db all the time)? I have set up a login system and its working fine, but doesn't the user get stored somewhere? Or does only some data of the user gets stored? I'm using this for instance:

FormsAuthentication.SetAuthCookie(user.Email, false);

Thanks in advance!

  • You can use Session state on Windows Azure, but because it's out-of-process it means that all session state objects must be serializable. – Dai Mar 24 '15 at 22:36
  • Also, what kind of data are we talking about? You'd use each of your proposed options depending on the context, you can't substitute one for another, it's completely inappropriate to use cookies or URI parameters for large amounts of data, for example. – Dai Mar 24 '15 at 22:37
  • I'm talking about simple variables like usernames and such. –  Mar 24 '15 at 22:37
  • It depends on what you are trying to do, can you give an example scenario? – Burt Mar 24 '15 at 22:39
  • Burt I have added an example in the Op. –  Mar 24 '15 at 22:48

2 Answers2

1

Sessions:
pros : nice and easy
cons : eats memory

Parameters:
pros : its the way forms are 'meant' to work
cons : you can end up passing alot of stuff around or redoing work on the server

Cookies:
pros : access from client and server
cons : they have quirks, esp when dealing with them server side and passing them back. effectivly global variables with locking issues

my call : parameters. you can always have a big json blob

Ewan
  • 1,261
  • 1
  • 14
  • 25
  • In what situation would you use a json blob? –  Mar 24 '15 at 22:50
  • so say you have a page where you have a list of selected items, you can edit them etc and then save them. you could have a form with mutiple fields carfully named. or you could create a json object with all your data in it which matches your viewmodel for the action and send that back via ajax – Ewan Mar 24 '15 at 22:53
  • the username you use as an example, isnt a good example.you should generate a authentication token and pass it in the header or some other crazy stuff – Ewan Mar 24 '15 at 22:56
  • You are confusing the issue with authentication. problem 1: how do I persist data over postbacks. problem 2: authentication, a special case – Ewan Mar 24 '15 at 23:08
1

Passing usernames around sounds a lot like authentication. Take a look at ASP Membership https://msdn.microsoft.com/en-us/library/yh26yfzy(v=vs.140).aspx

Depending on your requirements you could also look at TempData although this is only really useful for redirecting between actions. Using Tempdata in ASP.NET MVC - Best practice

Edit - based on the fact you are using authorization cookies, you should consider MVC authorized attributes https://msdn.microsoft.cohm/en-us/library/system.web.mvc.authorizeattribute%28v=vs.118%29.aspx

Or another good approach is to use a Base controller class that handles your authorization

 public BaseController: Controller
 {
       protected string username ;

       protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
           // Do authorization here
          username = // code to get username 
   {
 }
Community
  • 1
  • 1
ste-fu
  • 6,879
  • 3
  • 27
  • 46
  • Yeah TempData isn't really suited for what I mean. That Membership thing, I already have a login system, take a look at the line of code I added. –  Mar 24 '15 at 23:01
  • Then I think you've answered your own question. You should use cookies for all your authorized actions. – ste-fu Mar 24 '15 at 23:13
  • So I can use 'User loggedInUser = AuthorizeAttribute.Users' to get the current logged in user? –  Mar 24 '15 at 23:44
  • The AuthorizeAttribute is actually based around ASP Membership, but you could write your own filter attribute along similar lines. – ste-fu Mar 25 '15 at 09:04