I have Web Application A on Server A that links to Web Application B on Server B. I'm linking to a form that I want to pre-populate with data from Web Application A. So:
Web App A --Links to form and sends data for pre-population--> Web App B
Since they're on separate servers I unfortunately can't just plop something into Session, so I'm going to have to be a little more creative. I'm considering a few different options and I'm looking for the simplest of those solutions. Any suggestions?
Here's a few options I'm considering:
- Pass the form data in the link via query string parameters. This seems simple enough, is this legit to do? Or is it a security concern? I'd be passing about 8 parameters, the most sensitive being e-mail address and address. This would all be over SSL.
- Similarly, I could pass the data as POST parameters.
- Web App A writes a cookie, Web App B reads the data from the cookie. (This seems like more of a security concern than passing as GET or POST parameters)
- I could share an object via JNDI to use for prepopulation. Then I guess I could pass a unique ID on the query string which Web App B could use to pick up the object. This seems like it might be "overkill" and I'm not sure how this would work.
- I could store the data in a database against a unique ID, pass the unique ID on the query string, then pick it up in Web App B from that same database. Again, this might be "overkill".
Any thoughts? Or is there a better solution that I don't have listed?
You should assume anything that web app A puts in the redirect can be read/stolen/modified/spoofed before it gets to web app B (unless you are using SSL on both app A and B). If this isn't a problem then putting the params on the redirect URL should do you fine.
A secure way would be for app A to generate a unique ID (non-guessable and short-lived) and to store the info against this ID. The ID is passed with the request to app B. Server B then accesses the data from server A using the ID in a private secure way, for example by calling a web service on server A that is not publicly accessible.
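The ID handoff described in the answer above, sketched as an added example that is not part of the original answer. The class and method names (`PrefillHandoff`, `issue`, `redeem`), the 60-second lifetime, the `app-b.example` URL and the sample data are assumptions; the in-memory map stands in for whatever store sits behind server A's private web service.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical store on server A: form data parked under a one-time, short-lived ID. */
public class PrefillHandoff {
    private record Entry(Map<String, String> data, Instant expires) {}

    private static final Duration TTL = Duration.ofSeconds(60); // assumed lifetime
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    /** App A: store the data and return the ID to place on the link to app B. */
    public String issue(Map<String, String> formData, Instant now) {
        byte[] raw = new byte[32];                 // 256 bits from a CSPRNG: not guessable
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(id, new Entry(Map.copyOf(formData), now.plus(TTL)));
        return id;
    }

    /** Back-channel call from server B: the ID works once, and only before expiry. */
    public Optional<Map<String, String>> redeem(String id, Instant now) {
        if (id == null) return Optional.empty();
        Entry e = store.remove(id);                // atomic remove makes the ID single-use
        if (e == null || now.isAfter(e.expires())) return Optional.empty();
        return Optional.of(e.data());
    }

    public static void main(String[] args) {
        PrefillHandoff serverA = new PrefillHandoff();
        Instant t0 = Instant.now();
        // Constructed sample data; only the opaque ID ever appears in the URL.
        String id = serverA.issue(Map.of("email", "user@example.com", "city", "Springfield"), t0);
        System.out.println("link: https://app-b.example/form?prefill=" + id);
        System.out.println("first redeem: " + serverA.redeem(id, t0.plusSeconds(5)));
        System.out.println("replay:       " + serverA.redeem(id, t0.plusSeconds(6)));
        String late = serverA.issue(Map.of("email", "user@example.com"), t0);
        System.out.println("after expiry: " + serverA.redeem(late, t0.plusSeconds(61)));
        System.out.println("guessed id:   " + serverA.redeem("AAAA", t0));
    }
}
```

Because the personal data never leaves server A except over the back channel, the e-mail address and postal address stay out of browser history, proxy and access logs, and `Referer` headers, which is where query string parameters end up even when the request itself is sent over SSL.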
In my opinion the GET params are the simplest way to do it, and I don't think there are important security implications.