I have a in sharing the values between the pages. The cookies are been disable. Hence can't use session variables. Apart from session one way to do the same is to have the hidden field in all the pages and keep on posting the hidden field between the fields. But there is a problem in doing so. Any one can see the values stored in the hidden field through the VIEW SOURCE.
Kinldy suggest me the best possible way to accomplish the same.
NOTE: also keep in mind that there will be heavy load on the server by the same application. Load in the sence, lot many users will be logged into the system.
The requirement frlom the client side says that the vaules should not be visible to the user through VIEW SOURCE or any other mean. They have also asked not to use Sessions as cookies can be disabled on the user machine....
Thanks for the suggestion mate, but the user / client doesn't want to change the DB schema. It is an existing application and the current package runs through session object only. All that client want is to have some alternative of holding the data apart from session object
Best way is to create a cookie/session. Then check if the cookie/session is created successfully or not and then if not created successfully, ask the user to enable cookies for it. This is the way all top and big sites like MSN.com, hotmail.com operates. Every alternate way will increase the trips to either database or file systems which will put negative impact on the application's performance.
Use Database Table. You can create a separate database table only for this purpose, not touching existing database schema. Here you can make every session variable in a separate field with username or id corresponding to the current user. Also introduce an autonumber/ numeric field with auto-increment = recordId. Then you have to grab the last records from database using a query like this: select Top 1 fieldname1, fieldname2 from tableName where userId = 12345 order by recordId desc.
The same above database technique can be applied using file system. You can create a text file and put everything inside it rather than table. However, you have to read the text file everytime and in some cases you might have to read a BIG part of the text file to get the last record. This would put bad effect to the performance. Also security wise its not a good idea as there are a lot of crawlers using them people can detect your text file. Also its not a good idea to give un-necessary write permissions. Always a WELCOME-to-HACKERZ.
So bottom line - better to use first or second option. Third option should only be used if first two are not possible.