URL rewriting and passing variables, sans the visible query string
In a blog post I did last December, I mentioned how the new trend for advanced web development seems to be migrating away from visible query string name/value pairs, towards IDs and keys included within the URL itself. This got a lot of great exposure, and correlated with the thoughts and code of ASP.NET community heavy-hitters like Steve Smith, Scott Mitchell and Rob Chartier, whose respective takes on performing progressive URL surgery can really make a site work better, as far as user psychographics are concerned.
My basic premise was from a usability standpoint, its ugly as sin to have so many variables and appended values, ampersands and question marks. Others have since chimed in with the security benefits/risks of embedding values within the URL directly. Granted, no self-respecting ASP.NET dev would hard-code in username/password combinations directly into the URL, but it's certainly possible.
For example, here's the canonical example of how employing the URL rewriting features baked right into the .NET Framework can help:
User-Visible URL
------------------------
http://bogusphonedirectory.com/8675309
Actual URL loaded by browser
-------------------------------------
http://bogusphonedirectory.com/get_resident_phone_number?id=8675309
This really caught on like wildfire throughout the ASP.NET community once articles and evangelism started about the topic. I'd like to add a corollary now, in that one of the benefits of investing in the time and developmental practice to do URL rewriting properly through Context.RewritePath()/Context.RewriteUrl() is that so many more variables can now be passed to the calling page via the query string, being free (and arguably safe) from snooping eyes:
Actual URL loaded by browser w/additional variables
----------------------------------------------------
http://bogusphonedirectory.com/get_resident_phone_number?id=8675309&monthFilter=4&city=losangeles&attendant=tommytutone
This may be a “like, D-UH!“ factor to experienced developers, but is something I've seen many people neglect in their application design. This really opens up a new galley of possibilities for developers.