I’m designing a web application that has to pass sensitive information (like the user’s account number) from page to page until the user is done (the application is like a wizard), for logging purposes. What is the best way of storing this data so that each page in the process can get access to the data? Should I be storing it in the session? In the database, then delete it at the end? Some method I haven’t thought of yet?
I’m designing a web application that has to pass sensitive information (like the user’s
Share
I personally try to avoid using the session where possible. Here are the options that I know of when dealing with wizard type scenarios:
Option 1
Use JQuery as discussed in Nadeem Afana’s blog. The pages are displayed to the user one by one but the information is not submitted until the final page.
Option 2
Is the information on every page sensitive? Could it be structured so that the sensitive information is just asked for on the final page? If so you could serialize data across the pages as discussed in Darin Dimitrovs answer and just not provide a back button on the final page. Alternatively, the data that is serialized can be encrytped with ease using the same MVC Futures serialization software although i’m not sure how sensitive your information is and whether you would want to rely on this. The answer also mentions alternatives such as Stepy but I have no experience with this.
Option 3
If the information is sensitive you could write/read the information to a database between requests.
Option 4
Finally, if you can’t use any of the above then I would use the Session or TempData (which is a wrapper around the session) but beware that with TempData, if the user refreshes the page then the information will be lost.