StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
14641145
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2013-02-01T06:49:36.347
FavoriteCount
0
LastActivityDate
2017-05-08T22:08:02.533
LastEditDate
2017-05-08T22:08:02.533
LastEditorUserId
159270
OwnerUserId
159270
ParentId
14641143
PostTypeId
2
Score
5
ViewCount
0
LastEditorDisplayName
text
Body
You must call the redirect always with <code>endRespose=true</code> or else any hacker can see whats on the page by simple hold the redirect. To prove that I use the <a href="https://addons.mozilla.org/en-us/firefox/addon/noredirect/" rel="nofollow noreferrer">NoRedirect</a> plugin for Firefox to hold the redirect. Then I test the two cases and here is the results: I have a simple page with that text inside it <pre><code><form id="form1" runat="server"> <div> I am making a redirect - you must NOT see this text. </div> </form> </code></pre> and then on Page load try to make the redirect with both cases: First case, using the Complete Request(); <pre><code> try { // redirect with false that did not throw exception Response.Redirect("SecondEndPage.aspx", false); // complete the Request HttpContext.Current.ApplicationInstance.CompleteRequest(); } catch (Exception x) { } </code></pre> and there boom, you can see whats inside the page ! <img src="https://i.stack.imgur.com/4ku7X.gif"> And second case <pre><code>try { // this is throw the ThreadAbortException exception Response.Redirect("SecondEndPage.aspx", true); } catch (ThreadAbortException) { // ignore it because we know that come from the redirect } catch (Exception x) { } </code></pre> Nothing shown now. <img src="https://i.stack.imgur.com/Ko6vz.gif"> So if you do not like a hacker to see whats on your page, you must call it with endResponse to true and stop what other processing is made -eg return from function and not continue. If for example you check if the user is authenticated he can see that page or if not he must redirect to login, and even in the login if you try to redirect him with endResponse to false, then holding the redirect the hacker can see - what you believe that can not because you use the Redirect. My basic point here is to show the security thread that exist if you are not stop to send data back to the browser. The redirect is a header and instruction to the browser, but at the same time you need to stop send any other data, you must stop send any other part of your page.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. PORedirect to a page with endResponse to true VS CompleteRequest and security thread
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USAristos
UserOwnerUserId
1. USAristos
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. PORedirect to a page with endResponse to true VS CompleteRequest and security thread
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.