Pass data to a URL on a different web server without the QueryString

StackOverflow https://stackoverflow.com/questions/22699691

Question

I've got an .ashx handler which, upon finishing processing will redirect to a success or error page, based on how the processing went. The handler is in my site, but the success or error pages might not be (this is something the user can configure).

Is there any way that I can pass the error details to the error page without putting it in the query string?

I've tried:

  1. Adding a custom header that contains the error details, but since I'm using a Response.Redirect, the headers get cleared
  2. Using Server.Transfer, instead of Response.Redirect, but this will not work for URLs not in my site

I know that I can pass data in the query string, but in some cases the data I need to pass might be too long for the query string. Do I have any other options?

Was it helpful?

Solution

Essentially, no. The only way to pass additional data in a GET request (i.e. a redirect) is to pass it in the query string.

The important thing to realise is that this is not a limitation of WebForms, this is just how HTTP works. If you're redirecting to another page that's outside of your site (and thus don't have the option of cookies/session data), you're going to have to send information directly in the request and that means using a query string.

Things like Server.Transfer and Response.Redirect are just abstractions over a simple HTTP request; no framework feature can defy how HTTP actually works.

You do, of course, have all kinds of options as to what you pass in the query string, but you're going to have to pass something. If you really want to shorten the URL, maybe you can pass an error code and expose an API that will let the receiving page fetch further information:

  1. Store transaction information (or detailed error messages) in a database with an ID.
  2. Pass the ID in the query string.
  3. Expose a web method or similar API to allow the receiving page to request additional information.

There are plenty of hacky ways you could create the illusion of passing data in a redirect outside of a form post (such as returning a page containing a form and Javascript to immediately do a cross-domain form post) but the query string is the proper way of passing data in a GET request, so why try to hack around it?

OTHER TIPS

If you must perform a redirect, you will need to pass some kind of information in the Query String, because that's how browser redirects work. You can be creative about how you pass it, though.

  1. You could pass an error code, and have the consuming system know what various error codes mean.
  2. You could pass a token, and have the consuming system know how to ask your system about the error information for the given token behind-the-scenes.

Also, if you have any flexibility around whether it's actually performing a redirect, you could use an AJAX request in the first place, and send back some kind of JSON object that the browser's javascript could interpret and send via a POST parameter or something like that.

A redirect is executed by most browsers as a GET, which means you'd have to put the data in the query string.

One trick (posted in two other answers) to do a "redirect" as a POST is to turn the response into a form that POSTs itself to the target site:

Response.Clear();

StringBuilder sb = new StringBuilder();
sb.Append("<html>");
sb.AppendFormat(@"<body onload='document.forms[""form""].submit()'>");
sb.AppendFormat("<form name='form' action='{0}' method='post'>",postbackUrl);

<!-- POST values go here -->
sb.AppendFormat("<input type='hidden' name='id' value='{0}'>", id);   

sb.Append("</form>");
sb.Append("</body>");
sb.Append("</html>");

Response.Write(sb.ToString());

Response.End();

But I would read the comments on both to understand the limitations.

Basically there are two usual HTTP ways to send some data - GET and POST. When you redirect to another URL with additional parameters, you make the client browser to send the GET request to the target server. Technically, your server responds to the browser with specific HTTP error code 307 + the URL to go (including the GET parameters). Alternatively, you may want/need to make a POST request to the target URL. In that case you should respond with a simple HTML form, which consists of several hidden fields pre-filled with certain values. The form's action should point the target URL, method should be "POST", and of course your HTML should include javascript, which automatically submits the form once the document is loaded. This way the client browser would send the POST request instead of the GET one.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top