TempData: Is It Safe?

Question

I am using the TempData in order to preserve my model in when using a RedirectToAction. It works fine, but I have a nagging feeling that it might not b

Answer 1

I would go, whenever possible, for a fully stateless approach. It's more scalable and is not affected by problems with individual servers. Typically, you can just use a cookie (properly secured against tampering) to identify the user and pull the data from the database every time.

Besides that, I also suggest you to evaluate whether you can use View instead of RedirectToAction. This:

TempData["model"] = model;
return RedirectToAction("SomeAction");

Can be replaced with:

return View("SomeAction", model);

Of course assuming "SomeAction" is a valid view that is accessible from the current controller (it's either a view in the same ctrl or one defined in Shared) and that it's not just an intermediate action that redirects to another one.