MVC2中隐藏字段的替代方法

Question

I have a viewModel that contains a string that is populated before being passed to a partial view. I need to be able to get the data back when the form is posted. At the moment I have created a hidden field and bound the data to it. Then when posting back I can get the data from the form collection.

This isn't exactly what I would like. I would prefer for the data to be entirely hidden from view. Using sessions aren't really an option for the framework I have to adhere to.

Is there any alternative I can use?

Thanks

Answer 1

A bit of clarification is needed here: is the important thing that the data is not visible to the user, or that it is not accessible ?

If you want to make it invisible , you could store the data in a cookie instead of a hidden field. When you read it on the server, you also mark the cookie as expired. It's a bit of a hack, but it will do what you ask for - store data on client side but not in the markup.

If you want to make it inaccessible , you could either obfuscate it (hash or encrypt it, for example) and still store it in a hidden field (or cookie, as above), but knowing that since you still give the user some part of the information, it is not entirely impossible to access the data.

If the important thing is to store data where the user cannot, in any way, access it, but you're unable to do so on the server side, you're out of luck. Anything you send to the client, a smart enough user can read.

Answer 2

Keep it stateless

If at all possible keep your requests completely stateless . I would avoid storing data in a session. I'd rather encrypt/obfuscate data and put it in a hidden field/cookie than introduce state. It will make it harder on you later on. Believe me.

Can you explain a bit more why you need to preserve this state?