Wednesday, May 18, 2011

State Management in ASP.Net

Whenever a page is posted to the server, a new instance of the web page's class is created. This means that all page- and control-related information is lost after the postback. To overcome this obstacle, ASP.NET provides several options to help preserve this data.


There are 2 types of State Management approach in ASP.NET:
Client – Side State Management
  1.      View State
  2.      Control State
  3.      Hidden Fields
  4.      Cookies
  5.      Query String

Server – Side State Management 
  1.      Application State
  2.      Session State
  3.      Profile Properties

(1.A) View State
View State is the mechanism that allows state values to be preserved across page postbacks. Because of the stateless nature of the web pages, regular page member variables will not maintain their values after postback.
When we need a page variable to maintain its value across page postbacks, we can use ViewState to store that value. Values stored in ViewState will be serialized and sent to the client browser as the value of a hidden form input. When you view the source of your page in the browser, you will find the View State field, which looks something like this:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/XGSYsks93j580......." /> 

This single hidden field contains all the viewstate values for all the page controls. 
Because viewstate is (by default) sent to the client browser and then returned to the server in the form of a hidden input control on your page, storing a significant amount of data in viewstate can increase your page size and can affect your page performance.
To disable ViewState for a control, you can set the EnableViewState property to false.  When ViewState is disabled for any control, it will also automatically be disabled for all child controls of that control. 

<asp:Label ID="myLabel" runat="server" EnableViewState="false"></asp:Label>

ViewState["yasser"]  = myValue;

Advantages:
A.      Easy to store and maintain page level data.
B.      Can be set at control level.
C.      Encrypted.
Disadvantages:
A.      Makes a page heavy, if a good amount of data is stored into it.

(1.B) Control State:
  • Control state was introduced in ASP.NET version 2.0.
  • It is similar to View State, but is functionally independent of the View State.
  • A developer can disable view state for a page or for an individual control for performance reasons.
  • However, control state cannot be disabled.
  • Control state is designed for storing a control's essential data (such as a GridView's Page Index) that must be available on postback to enable the control to function even when View State has been disabled. 
  • By default, the ASP.NET page framework stores control state in the page in the same hidden element in which it stores view state.
Eg: Suppose you have written a custom control with several tabs, where each tab shows different information. For that control to work as expected, it needs to know which tab was selected between round trips to the server. The ViewState property can be used for this purpose, but ViewState can be turned off at the page level by developers, effectively breaking your control. To solve this, control state can be used.
The ControlState property allows you to persist property information that is specific to a control and it cannot be turned off like the ViewState property.
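
The tab scenario above, as an added example that is not code from the original post: a custom control that keeps its selected tab in control state, so it survives EnableViewState="false". The class name TabStrip and the SelectedIndex property are hypothetical.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical custom control used only for illustration.
public class TabStrip : WebControl
{
    private int _selectedIndex;   // essential state: which tab is active

    public int SelectedIndex
    {
        get { return _selectedIndex; }
        set { _selectedIndex = value; }
    }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Opt in: without this call the page never invokes
        // SaveControlState/LoadControlState for this control.
        Page.RegisterRequiresControlState(this);
    }

    protected override object SaveControlState()
    {
        // Keep whatever the base class saved and add our own value.
        return new Pair(base.SaveControlState(), _selectedIndex);
    }

    protected override void LoadControlState(object savedState)
    {
        Pair saved = savedState as Pair;
        if (saved == null)
        {
            base.LoadControlState(savedState);
            return;
        }
        base.LoadControlState(saved.First);
        // Control state travels through the browser like view state,
        // so only accept a value of the expected type and range.
        if (saved.Second is int && (int)saved.Second >= 0)
            _selectedIndex = (int)saved.Second;
    }
}
```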

(1.C) Hidden Fields
  • ASP.NET allows you to store information in a HiddenField control, which renders as a standard HTML hidden field.
  • A hidden field does not render visibly in the browser, but you can set its properties just as you can with a standard control. 
  • When a page is submitted to the server, the content of a hidden field is sent in the HTTP form collection along with the values of other controls.
  • A hidden field acts as a repository for any page-specific information that you want to store directly in the page.
Advantages: Simple to implement.
Disadvantages: It is easy for a malicious user to see and modify the contents of a hidden field.
eg : <input type="hidden" name="__Yasser" id="__Yasser" value=""/>

(1.D) Cookies

  • A cookie is a small amount of data that is stored either in a text file on the client file system or in-memory in the client browser session.
  • It contains site-specific information that the server sends to the client along with the page output.
  • Cookies can be temporary (with specific expiration times and dates) or persistent.
  • You can use cookies to store information about a particular client, session, or application. 
  • The cookies are saved on the client device, and when the browser requests a page, the client sends the information in the cookie along with the request information. The server can read the cookie and extract its value. 
  • A typical use is to store a token (perhaps encrypted) indicating that the user has already been authenticated in your application.
  • The browser can only send the data back to the server that originally created the cookie. However, malicious users have ways to access cookies and read their contents. It is recommended that you do not store sensitive information, such as a user name or password, in a cookie. Instead, store a token in the cookie that identifies the user, and then use the token to look up the sensitive information on the server.
  • A cookie can have a maximum size of 4KB.
  • Response.Cookies["id"].Value = "786";
  • Response.Cookies["id"].Expires = DateTime.Now.AddDays(3);
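
The token recommendation above, as an added example that is not code from the original post: the cookie carries only a random token, and the user id is looked up on the server. The LoginToken class and its in-memory store are hypothetical stand-ins for a real server-side store.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web;

// Hypothetical helper used only for illustration.
public static class LoginToken
{
    // token -> (user id, server-side expiry). Constructed stand-in for a
    // database table or other server-side store.
    private static readonly ConcurrentDictionary<string, KeyValuePair<string, DateTime>> Store =
        new ConcurrentDictionary<string, KeyValuePair<string, DateTime>>();

    public static void Issue(HttpResponse response, string userId)
    {
        byte[] raw = new byte[32];                       // 256 random bits
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(raw);
        string token = HttpServerUtility.UrlTokenEncode(raw);

        DateTime expires = DateTime.UtcNow.AddDays(3);
        Store[token] = new KeyValuePair<string, DateTime>(userId, expires);

        HttpCookie cookie = new HttpCookie("id", token);
        cookie.Expires = expires;
        cookie.HttpOnly = true;   // not readable from page script
        cookie.Secure = true;     // only sent over HTTPS
        response.Cookies.Add(cookie);
    }

    // Returns the user id for a valid, unexpired token, otherwise null.
    public static string Resolve(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies["id"];
        KeyValuePair<string, DateTime> entry;
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        if (!Store.TryGetValue(cookie.Value, out entry)) return null;
        if (entry.Value <= DateTime.UtcNow)
        {
            // The cookie's own expiry is under the client's control,
            // so the server enforces its copy and forgets the token.
            Store.TryRemove(cookie.Value, out entry);
            return null;
        }
        return entry.Key;
    }
}
```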

(1.E) Query String

  • This is the simplest and most efficient way of maintaining information across page requests.
  • The information you want to maintain will be sent along with the URL to the server. A typical URL with a query string looks like
  • eg:
  • The URL part which comes after the ? symbol is called a QueryString.
  • QueryString has two parts, a key and a value. In the above example, query is the key and mumbai is its value. 
  • You can send multiple values through querystring, separated by the & symbol. The following code shows sending multiple values to the Home.aspx page.
  • Response.Redirect("Home.aspx?id=786&name=yasser");
  • The following code shows reading the QueryString values using C#
  • string id = Request.QueryString["id"];
  • string name = Request.QueryString["name"];
  • Query string is lightweight and will not consume any server resources. It is very easy to use and it is the most efficient state management technique.
  • You can pass information only as a string.
  • Information that is passed in a query string can be tampered with by a malicious user. Do not rely on query strings to convey important or sensitive data. Additionally, a user can bookmark the URL or send the URL to other users, thereby passing that information along with it.
  • URL length also has some limitations. So you cannot send much information through query string.
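
One way to detect the tampering described for hidden fields and query strings, as an added example that is not code from the original post: the server attaches an HMAC to the value and rejects any request where it no longer matches. The SignedValue class, the sig parameter name and the demo key are assumptions; the signature detects modification only, it does not hide the value or stop a copied URL from being reused.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper used only for illustration.
public static class SignedValue
{
    // Constructed demo key. A real key is random, long, and kept only
    // on the server (for example in protected configuration).
    private static readonly byte[] Key =
        Encoding.UTF8.GetBytes("constructed-demo-key-replace-me");

    private static string Mac(string name, string value)
    {
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(name + "=" + value));
            return BitConverter.ToString(tag).Replace("-", "");   // upper-case hex
        }
    }

    // Builds "id=786&sig=<hex>" for use in a URL such as
    // Response.Redirect("Home.aspx?" + SignedValue.Protect("id", "786"));
    public static string Protect(string name, string value)
    {
        return name + "=" + Uri.EscapeDataString(value) + "&sig=" + Mac(name, value);
    }

    // Call with Request.QueryString["id"] and Request.QueryString["sig"]
    // (or the posted hidden field values) before trusting the value.
    public static bool Verify(string name, string value, string sig)
    {
        if (value == null || sig == null) return false;
        string expected = Mac(name, value);
        if (expected.Length != sig.Length) return false;

        // Compare every character so timing does not reveal how many matched.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ char.ToUpperInvariant(sig[i]);
        return diff == 0;
    }
}
```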

(2.A) Application State
(2.B) Session State
(2.C) Profile Properties




2011 ·Code-Studio by yrus.