Best Practices for Passing Data Between Pages

Question

The Problem

In the stack that we re-use between projects, we are putting a little bit too much data in the session for passing data between pages. T

Answer 1

Several months later, I thought I would update this question with the technique I ended up going with, since it has worked out so well.

After playing with more involved session state handling (which resulted in a lot of broken back buttons and so on) I ended up rolling my own code to handle encrypted QueryStrings. It's been a huge win -- all of my problem scenarios (back button, multiple tabs open at the same time, lost session state, etc) are solved and the complexity is minimal since the usage is very familiar.

This is still not a magic bullet for everything but I think it's good for about 90% of the scenarios you run into.

Details

I built a class called CorePage that inherits from Page. It has methods called SecureRequest and SecureRedirect.

So you might call:

 SecureRedirect(String.Format("Orders.aspx?ClientID={0}&OrderID={1}, ClientID, OrderID)

CorePage parses out the QueryString and encrypts it into a QueryString variable called CoreSecure. So the actual request looks like this:

Orders.aspx?CoreSecure=1IHXaPzUCYrdmWPkkkuThEes%2fIs4l6grKaznFGAeDDI%3d

If available, the currently logged in UserID is added to the encryption key, so replay attacks are not as much of a problem.

From there, you can call:

X = SecureRequest("ClientID")

Conclusion

Everything works seamlessly, using familiar syntax.

Over the last several months I've also adapted this code to work with edge cases, such as hyperlinks that trigger a download - sometimes you need to generate a hyperlink on the client that has a secure QueryString. That works really well.

Let me know if you would like to see this code and I will put it up somewhere.

One last thought: it's weird to accept my own answer over some of the very thoughtful posts other people put on here, but this really does seem to be the ultimate answer to my problem. Thanks to everyone who helped get me there.