locked
MVC What is best practices to use things instead of Session and Cookies RRS feed

  • Question

  • User1400716885 posted

    hi,

    I need to minimize the session and cookie usage in the website, so i googled and find some links, Can anyone add something else.

     Summary:
     1.)If we are creating a Angular based Application than 'Local Storage' is the best choice instead of 'Session and Cookie'.
     2.)If we are creating a Mvc application then we can use Local Storage in the places where data shows on the client side and if we need some data on server side, we  need to send that data with previous page url or send with ajax request from current page.
        Also we used Tempdata(instead of Session), QueryString, Hiddenfield and Html5 attributes instead of 'Session and Cookie'.
        TempData is session, so they're not entirely different. However, the distinction is easy to understand, because TempData is for redirects, and redirects only. So when you set some message in TempData and then redirect, you are using TempData correctly.
        However, using Session for any kind of security is extremely dangerous.

    Pass data between pages without using Session and Cookie:
       ===================================================================
    1.) Session and Cookies in ASP.NET MVC? https://gregorybeamer.wordpress.com/2012/11/04/session-and-cookies-in-asp-net-mvc-oh-my/
    Ans: Okay, so there is an alternative: Use TempData instead
     --------------------------------------------------------------------------------------------------------------------------------------------------
    2.) using Local Storage
       a.) Best Practice for State Management in a Distributed Asp.net MVC 4 Application
           http://stackoverflow.com/questions/18161100/best-practice-for-state-management-in-a-distributed-asp-net-mvc-4-application
       Ans: You have Local Storage and can use frameworks like AngularJS. Than you can minimize the number of cases, where you'd need a session state.
     
       b.) Local Storage or Session Storage:
           http://stackoverflow.com/questions/19867599/what-is-the-difference-between-localstorage-sessionstorage-session-and-cookies
        
       c.) HTML5 offline storage - Alternative to Session? [closed]
           http://stackoverflow.com/questions/11849280/html5-offline-storage-alternative-to-session   
         Ans: Session data is stored on the server, HTML5 offline storage is stored in the browser. If you are comfortable storing session data in the browser, sure that           will work. If you have sensitive information that should remain on the server however, keep it in sessions.

        Disadvantages:
        http://stackoverflow.com/questions/16855680/are-there-any-drawbacks-to-using-localstorage-instead-of-cookies
        Ans: 1.)If a user disable cookies, localStorage will not work either.
             2.)You are not using this data server side, so you don't need a cookie. localStorage is never sent to the server unlike a cookie
             3.) The data stored in localStorage and sessionStorage can easily be read or changed from within the client/browser so should not be relied upon for storage              of sensitive or security related data within applications.


    3.) using Secure Query String:
        
       a.) MVC Encrypt Query String:
          http://stackoverflow.com/questions/895586/encrypting-an-id-in-an-url-in-asp-net-mvc
         
         Ans: you have some sensitive data in the form of a query string and want it encrypted so the end user can't see it. But you need the ability to decrypt this value in your application to do something with it.

    4.) Using Hidden Fields and html 5 Attributes:
        http://stackoverflow.com/questions/11770772/how-to-get-html5-attributes-and-values-into-mvc-hiddenfor
       
        Ans: @Html.HiddenFor(x => x.Deleted, new { @class="deleted", data_id=Model.Id })

    5.) How can I pass parameters to a partial view in mvc 4
        http://stackoverflow.com/questions/20799658/how-can-i-pass-parameters-to-a-partial-view-in-mvc-4
      Ans: @Html.Partial("_SomePartial", new ViewDataDictionary { { "id", someInteger } });
        


     

    Wednesday, November 16, 2016 7:06 AM

All replies