Best Practice: Passing Data Between Pages and Modules
New Post
10/2/2006 3:17 PM
 

I'm designing a new site from scratch and I am writing all of the modules myself. I need to be able to pass data between pages and modules. For example, one page will list all of the customers in the system. Selecting a customer will take you to another page with various customer related modules (address info, employee contacts, account balances, etc). Each of these areas will be a specific module with its own view/edit controls and they each need to know what the currently selected CustomerID value is. Some of the customer modules may lead to child pages with more customer specific modules and so the CustomerID data has to persist through all of them. What is the best way to do this?

My current site uses a lot of querystring parameters. I know DNN supports this and so that is an option but it leads to security concerns for me. First, users can manually manipulate the querystring and attempt to gain access to customer accounts that their security role would not normally allow. I can guard against that through additional checks on each page but I'd rather not have to deal with the extra code if I don't have to.

Another option is session variables, which work well except for one problem. I'd like the user to be able to open a new browser window while using the site and be able to access a different customer in each window. If the user opens a new instance of their browser, this will work fine. But if (in IE) the user hits Ctrl + N and opens a new copy of the same process, the session variables are shared between both windows. So if he is looking at customer1 in window A and then opens window B and views customer2, the session variable back in window A will now point to customer2 and any updates made for customer1 will actually be applied to customer2. So, session variables are out.

Cookies have the same issue as session variables as changing one browser window will affect the cookies for any other browser windows currently open. So, cookies are out.

I'm still fairly new to DNN so I don't know what other options there are. Can someone offer some advice on how to accomplish this? Links to sample code or MSDN articles would also be greatly appreciated. Thanks!

 
New Post
10/2/2006 10:27 PM
 
elroyskimms wrote

My current site uses a lot of querystring parameters. I know DNN supports this and so that is an option but it leads to security concerns for me. First, users can manually manipulate the querystring and attempt to gain access to customer accounts that their security role would not normally allow. I can guard against that through additional checks on each page but I'd rather not have to deal with the extra code if I don't have to.



You need to do the checking yourself. I would not expect any framework to read your mind as to what security measure to apply... The DNN framework does all the work for you as far as role assignments and management are concerned. It's up to you to design what to do for a given role.
 
New Post
10/2/2006 10:33 PM
 

I apologize if my post was not clear. I know that when using querystring parameters, I need to validate all of the parameters for security and content.

What I'm asking is if anyone knows a better way besides querystring parameters. If you know a better way, I'd appreciate any references to articles, sample code, or MSDN links.

 
New Post
10/2/2006 11:46 PM
 

You can store the data you want to pass in the database with the UserID as the key, then access the data as needed in the different modules.

If the user isn't logged in, you can use a guid stored as a cookie and key in the database's table.

 
New Post
10/2/2006 11:50 PM
 
kjparker wrote

You can store the data you want to pass in the database with the UserID as the key, then access the data as needed in the different modules.

If the user isn't logged in, you can use a guid stored as a cookie and key in the database's table.

Great suggestion. This would prevent users from tampering with the data. But if the user opened multiple browser windows, how could I distinguish between each window?
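
An added example, not part of the thread and not DNN code: one way to combine the server-side store suggested above with a per-window key carried in the query string, so each window keeps its own customer and a tampered key resolves to nothing. `ICustomerAccess`, `CustomerSelectionStore`, the `wk` parameter name and the demo rule are all hypothetical, and a dictionary stands in for the database table.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout; none of this is DNN API.
public interface ICustomerAccess { bool CanAccess(int userId, int customerId); }
public sealed class CustomerSelectionStore
{
    // Stands in for a database table keyed by (UserID, WindowKey).
    private readonly Dictionary<string, int> rows = new Dictionary<string, int>();
    private readonly ICustomerAccess access;
    public CustomerSelectionStore(ICustomerAccess access) { this.access = access; }

    // List page: authorize, then return an opaque per-window key for the query string (?wk=...).
    public string Select(int userId, int customerId)
    {
        if (!access.CanAccess(userId, customerId))
            throw new UnauthorizedAccessException("Customer not permitted for this user.");
        string windowKey = Guid.NewGuid().ToString("N");
        rows[userId + ":" + windowKey] = customerId;
        return windowKey;
    }

    // Customer modules: resolve the key for the logged-in user only. The key is
    // not a secret; a key issued to another user finds no row here.
    public bool TryResolve(int userId, string windowKey, out int customerId)
    {
        customerId = 0;
        Guid parsed; int stored;
        if (!Guid.TryParseExact(windowKey, "N", out parsed)) return false;
        if (!rows.TryGetValue(userId + ":" + parsed.ToString("N"), out stored)) return false;
        if (!access.CanAccess(userId, stored)) return false;   // roles may have changed
        customerId = stored;
        return true;
    }
}

public static class Demo
{
    private sealed class Rule : ICustomerAccess   // constructed: only user 7 has customers
    { public bool CanAccess(int u, int c) { return u == 7 && (c == 101 || c == 102); } }
    public static void Main()
    {
        var store = new CustomerSelectionStore(new Rule());
        string windowA = store.Select(7, 101), windowB = store.Select(7, 102);
        int a, b, x;
        Console.WriteLine(store.TryResolve(7, windowA, out a) && store.TryResolve(7, windowB, out b) && a != b);
        Console.WriteLine(store.TryResolve(8, windowA, out x));   // other user, same key
    }
}
```

The authorization check still runs on every resolve, but it lives in one place instead of being repeated in each module.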

 