Encoded URLs

Perhaps you are wondering if making this sort of information visible in a URL is such a good idea. Exposing film IDs probably doesn't make much difference, but bank account numbers would be a different story.

Fortunately, Caché can automatically encode data in URLs when a page is sent to the browser and subsequently authenticate that data when another page request is received.

Here's what a URL for the ShowTimes page really looks like. (In the preceding examples, encoding was turned off.)


Instead of FilmID=5, we see CSPToken=jnjrXmwbH... This ensures that the user does not tamper with the values or use them to infer internal details of the application.
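The general idea behind such a token, as an added example that is not Caché's code and does not reproduce its actual algorithm or token format: the query data is sealed under per-session keys when the link is generated and checked when the request comes back. The function names, the `ShowTimes.csp` page name and the HMAC-based construction are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qsl, urlencode

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; an assumed stand-in for a vetted AEAD cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(mac_key, page, nonce, cipher):
    # The page name is bound into the tag so a token cannot be replayed on another page.
    return hmac.new(mac_key, page.encode() + b"\0" + nonce + cipher, hashlib.sha256).digest()

def new_session_keys():
    # Separate encryption and MAC keys, generated per session and kept server-side.
    return secrets.token_bytes(32), secrets.token_bytes(32)

def seal_params(keys, page, params):
    enc_key, mac_key = keys
    plain = urlencode(sorted(params.items())).encode()
    nonce = secrets.token_bytes(16)
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    return base64.urlsafe_b64encode(nonce + cipher + _tag(mac_key, page, nonce, cipher)).decode()

def open_token(keys, page, token):
    enc_key, mac_key = keys
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < 48:  # 16-byte nonce + 32-byte tag is the minimum
        return None
    nonce, cipher, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, page, nonce, cipher)):
        return None  # altered token, wrong session or wrong page: reject the request
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, nonce, len(cipher))))
    return dict(parse_qsl(plain.decode(), keep_blank_values=True))

if __name__ == "__main__":
    keys = new_session_keys()
    token = seal_params(keys, "ShowTimes.csp", {"FilmID": "5"})  # constructed sample
    print("ShowTimes.csp?Token=" + token)
    print(open_token(keys, "ShowTimes.csp", token))        # {'FilmID': '5'}
    print(open_token(keys, "ShowTimes.csp", "x" + token))  # None
```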

