how to get memberID to transfer from one page to another, javascript

Question

I have a speech bubble(balloon) on a canvas. I allow a user to click on this balloon to see more information about the balloon.

As the user clicks, a new page is popped up and I want to send the mem_ID to the new page so that I can do a query on the new page and post data about the member on the new page.

      // listen for clicks on the balloon, opens a hyperlink attached to the balloon. 
             $("#balloon").click(function popMessage(e) {
                 $("#balloon").hide();

                 // hyperlink opens a new window upon click on the bubble
                 return !window.open('About.aspx?mem_ID' + mem_ID, "pop", "width=1000,height=900"); 

             });

So this is how I am planning to send the member_ID to the new page.

Now how can I retrieve this on the new page, so I can do something with it?

I have a text box on the new page and would like to print this ID just to check if it is transferring:-

<script type="text/javascript">




    var id = <%=Request["mem_ID"]%>

    document.getElementById('<%=TextBox1.ClientID%>').value = id;




</script>

it shows up as 'undefined' in the text box.....any help??

Answer 1

Try this instead ::

document.getElementById('<%=TextBox1.ClientID%>').value = '<%=Request["mem_ID"]%>';

This will fix your issue.

Answer 2

window.open('About.aspx?mem_ID'

should be

window.open('About.aspx?mem_ID='

BUT, you don't want to transfer it like that as it will expose sensitive data to an attacker via the url: either check the id on the server side when it's first received or else store it in session state when the user logs in.

update:

your child page:

var id = <%=Request["mem_ID"]%>

should be

var id = "<%=Request["mem_ID"]%>";

Also... attackers can be internal too... for an internal app, session state is the simplest way to implement basic cross-page data integrity.