secure way to pass large string values between dynamic pages_问答_开发者

secure way to pass large string values between dynamic pages

开发者 https://www.devze.com 2023-02-15 22:35 出处：网络

secure way to pass large string values between pages, i开发者_高级运维 have used PHP in server side, jquery ajax in client side

i am doing a travel portal where list of trains i have to shown for booking, i get the details as json from php and format the json data in to html. every thing is fine

The problem is i need to pass selected trains info and all trains info to next page, if the user wish to change the selected train i need to go back to the previous page and show the list of trains again without querying server

how do i pass values to next page in a secure way? or how do i keep large values across pages?

There are several ways to do this, none of which are optimal.

You can keep everything in memory by "faking" different pages, using hash-bang urls
you can send them on via normal get parameters, but as you probably already know since you ask this question, this has limitations
you can use html5 localstorage, but since it is not supported by anything but the newest browsers this is not good for a production site that needs to target a broad audience
you can use cookies, but here you will run into the same limitations as the get urls parameters
You can use flash storage, but that requires a flash app loaded on each page, and some users might not have flash or might have disabled flash local storage

The best solution in my mind is #2: use get url parameters and keep state via the url. Be aware of the limitations of url length across various browsers, and "compress" your data so they minimize their footprint.

The way to do this is usually to use as few url parameters as possible, holding comma separated bit flags.

So for instance you can change url parameters from

?cars=ford,bmw,vw,mazda to ?c=23

and then test c bitwise against predefined variables like:

var BMW = 1, VW = 2, FORD = 4, KIA = 8, MAZDA = 16;

if(c & BMW) { bmw is set}
if(c & VW) { vw is set}
if(c & FORD) { ford is set}
if(c & KIA) { kia is set}
if(c & MAZDA) { mazda is set}

This example is not meant to be pretty, only to show the concept.

If you minimize your url footprint this way you can have a massive amount of data stored in an url, and you are unlikely to run into url size restrictions.

As Robert said, you might want to use the PHP Session. Otherwise you can use JSON and pass it via GET, you might get some problems regarding the length of the GET params though. Mind you if you're not going to query the server, all data is open for manipulation.

can you use a POST between pages?

You might think about storing this in the user session. This keeps your data 'secure' on the serverside, otherwise you lose 'control' of your data to the user.

bset secure way is create data in database for session or add data to cookie ( first way is better ) and only pass id with get to another page