Passing parameters to Controller ..but NOT on the URL

Question

Is there a way to pass a parameter to a controller without putting it on the URL?

For example, http://www.winepassionate.com/p/19/wine-chianti-docg-la-moto

has the value 19 on the URL. If you actually change that value to another, the page displays a different record even it the page name remains the same.

So I would like to NOT pass the ID on the URL but still be able to pass that to the Controller. What's the recommended way to do so?

Answer 1

You can do a post and send it as a form parameter. I do not recommend this. Posts should be for requests that modify data. In this case you're most likely looking just to get that data. The fact that the id is in the URL is a good thing (see the Stack Overflow URLs for reference). If you really don't want the user to be able to modify it (I hope it's not because you think this makes it more secure, because it doesn't), you could do some simple encryption on it to make it more difficult to guess/produce a valid ID.

Using TempData, as some other suggest, is not a robust solution. It won't work for links on a page, just a GET after POST, and then only once since TempData is deleted after the next request.

Answer 2

Well, you have a couple of options:

1. Is this a form post? If so, then you can simply add a specific key value pair to your form when you submit it and then data will be passed along.
2. Is the URL unique to that resource? i.e. Does "Wine-chianti-docg-la-moto" exist as a unique representation of the number 19 in a database somewhere? If so, then you can simply do a lookup of that route component in your database to retrieve the value you need (or push that logic all the way down to the database).
3. Is that a value that is not expected to change a bunch? You can set that value in Session or in a cookie that would be persisted across pages and then pull it from the respective collection.
4. Are you redirecting to this page from another request on your server? If so, then you can use TempData to store this temporary value. However, I would recommend against this approach, as it is very transient and not good practice imo.
5. Lastly, you can obscure the value on the URL if you dont want it to be easily user editable. Encrypt it with some algorithm, and then decrypt it on the destination page. The user will be unlikely to be able to alter the ID by typing in a different value in the URL.