Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0How to not pass values in the URLHow to not pass values in the URL
Previous
 
Next
New Post
7/31/2007 1:46 PM
 
Raldo Loots

Joined: 9/29/2005
Posts: 36

umm..yes; I forgot to mention the site pulls about 30-40GB of traffic per month, currently have about 4 000 users with about 80 000-100 000 page views per day and I am a fairly experienced DNN developer. Session variables is therefore a no-no when this site eventually needs to run in a farm environment. That is actually what I was trying to say...and looking for a feasible alternative.

It is actually just to pass a full-text search string from one module to another. Advanced search queries can have many illegal characters that can not be passed through the URL, even when using Server.UrlEncode. I am investigating further.

 
 
New Post
7/31/2007 2:42 PM
 
Carlos Rodriguez

www.almacigo.com
Joined: 6/10/2003
Posts: 615

Okay, I spoke too soon about the server farm use (I've never done it myself).  But, if you are coding both of the modules in question, and it is not on a server farm (and most DNN sites are not), I still do not see a problem with session variables.  I have used them in multiple Intranet type DNN modules (applications) without a problem.

By the way, where can I find up to date documentation on IMC?  Seems to be lacking and scattered, is it still under development?  Supported by the DNN core?  I could not find any info on IMC on the latest documentation package, from 4.4.1, which is actually from 4.3.7.

Carlos

 
 
New Post
7/31/2007 5:45 PM
 
Matthew Christenson

Joined: 10/19/2006
Posts: 164

almost every time I use query strings to pass variables, I'll use the following class to put all of my information in a single tamper proof variable.  This class is hacked up from some web tutorial i found some place, I tried to look for the reference but couldn't find it.

I wonder, why don't session variables work even in a web farm environment?  will a couple of small session variables really make a huge difference?  there are already a bunch of database calls with every page request, what's one more?

Another option you have would be storing the variables in the viewstate - so that the data exists on the return request itself and is tamper proofed by the viewstate validation that ASP.NET handles early in the page stack.

 

 

 

Systemsystem.Collections.SpecializedSystem.Security.Cryptography

Imports

System.Text

Imports

System.Web

Namespace

 

 

SecurityPublic Class SecureQueryString : Inherits NameValueCollectionPublic ReadOnly Property IsExpired() As Boolean

 

Get

 

 

Return _isExpiredEnd Get

 

End Property

 

 

Public Property ExpireTime() As DateTimeGet

 

 

Return _expireTimeEnd Get

 

_expireTime = value

 

Set(ByVal value As DateTime)End Set

 

End Property

 

Public ReadOnly Property EncryptedString() As String

 

Get

 

If IsExpired Then

 

Return ""

 

Else

 

 

Return HttpUtility.UrlEncode(encrypt(serialize))End If

 

End Get

 

End Property

 

 

 

Public Sub New()MyBase.New()End Sub

 

deserialize(decrypt(encryptedString))

_isExpired = DateTime.Compare(ExpireTime, DateTime.Now) < 0

 

Public Sub New(ByVal encryptedString)End Sub

 

Public Overrides Function ToString() As String

 

 

Return EncryptedStringEnd Function

 

Private Const cryptoKey As String = "changethis

 

Private timeStampKey As String = "__TimeStamp__"

 

 

 

Private ReadOnly IV As Byte() = {240, 3, 45, 12, 0, 16, 193, 59} 'change these numbers for securityPrivate _expireTime As DateTime = DateTime.MaxValuePrivate _isExpired As Boolean

 

Private Function encrypt(ByVal serializedQueryString) As String

 

 

 

des.Key = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey))

des.IV = IV

 

 

Dim buffer As Byte() = Encoding.ASCII.GetBytes(serializedQueryString)Dim des As New TripleDESCryptoServiceProviderDim md5 As New MD5CryptoServiceProviderReturn Convert.ToBase64String(des.CreateEncryptor.TransformFinalBlock(buffer, 0, buffer.Length))End Function

 

Private Function decrypt(ByVal encryptedQueryString) As String

 

Try

 

 

 

des.Key = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey))

des.IV = IV

 

 

 

 

 

 

 

 

Dim buffer As Byte() = Convert.FromBase64String(encryptedQueryString)Dim des As New TripleDESCryptoServiceProviderDim md5 As New MD5CryptoServiceProviderReturn Encoding.ASCII.GetString(des.CreateDecryptor.TransformFinalBlock(buffer, 0, buffer.Length))Catch ex As CryptographicExceptionThrow New Exception("InvalidQueryStringException", ex)Catch ex As FormatExceptionThrow New Exception("InvalidQueryStringException", ex)Catch ex As ExceptionThrow exEnd Try

 

End Function

 

 

 

 

 

Private Sub deserialize(ByVal decryptedQueryString As String)Dim nameValuePairs As String() = decryptedQueryString.Split("&")For i As Integer = 0 To nameValuePairs.Length - 1Dim nameValue As String() = nameValuePairs(i).Split("=")If nameValue.Length = 2 Then

 

 

MyBase.Add(nameValue(0), nameValue(1))End If

 

Next

 

If MyBase.Item(timeStampKey) IsNot Nothing Then

_expireTime = DateTime.Parse(

 

MyBase.Item(timeStampKey))End If

 

End Sub

 

Private Function serialize() As String

 

 

sb.Append(key &

 

Dim sb As New StringBuilderFor Each key As String In MyBase.AllKeys"=" & MyBase.Item(key) & "&")Next

 

'append timestamp

sb.Append(timeStampKey &

 

 

"=" & _expireTime)Return sb.ToStringEnd Function

 

End

 

End Class Namespace

 

 

Imports

 

Imports

Imports
 
New Post
7/31/2007 7:01 PM
 
Erik van Ballegoij


Erik van Ballegoij's Avatar

erikvanballegoij.com
Joined: 4/7/2004
Posts: 4445

As Hooligannes said, session variables are kept in ram. When dnn runs in a web farm scenario, multiple servers are used to serve pages. It could happen that pages for one user are actually served by different physical server. It should be obvious that variables stored in ram will only be available on one server, not on multiple servers.

DNN has some built in URL utilities too, in DotNetNuke.Common.Utilities.UrlUtils (eg. EncryptParameterand DecryptParameter)

Erik van Ballegoij, Former DNN Corp. Employee and DNN Expert

DNN Blog | Twitter: @erikvb | LinkedIn: Erik van Ballegoij on LinkedIn
 
New Post
8/1/2007 3:17 AM
 
Raldo Loots

Joined: 9/29/2005
Posts: 36

Thanks for the responses so far. I have decided to use the Personalization.SetProfile and GetProfile methods to pass the query string from the one module to the other and it works like a charm. I wouldn't think it should be used in all scenarios, but this core fucntionality has seemed to do the job for me (and it should work in a server farm as well?).
 
 Page 2 of 3
Previous123Next 
Previous
 
Next
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0How to not pass values in the URLHow to not pass values in the URL


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out