ASP.NET State Management

In an ASP.NET Web application, information about the current user, his preferences, and the application's current configuration are stored as values of global variables. This information is also stored as controls and properties of objects in memory to be used by the application until it is released or terminated. Such information is collectively referred to as the state of a Web page.

To preserve the state information of a Web page between round-trips or page postbacks, ASP.NET provides a user with several server-based as well as client-based techniques. The process of maintaining the state for a Web page across round-trips or page postbacks is referred to as state management.

The following describes several server-based and client-based techniques for managing state of a Web page:

• Client-based Technique for State Management: Client-based techniques maintain state of a Web page by storing information either on the page or on a client computer. If the information is stored on the client, it is submitted to a Web server by the client with each Web request.
  The following are the client-based techniques for state management:
  
  
  • View State: View state is used to persist changes to the state of a Web page across postbacks. View state data variables are stored as base64-encoded strings in one or more hidden fields. It is accessed by using the ViewState property of a Web page. The property provides a dictionary object and preserves page or control property values between multiple user requests for the same Web page. When a Web page is processed, ASP.NET collects all the current page or control property variables, formats them into an encoded string and saves in the page as a hidden form field named _VIEWSTATE. At the server-side, ASP.NET decodes the view state string during page initialization and restores property information in the page.
    
    However, view state has some drawbacks. It increases the size of the HTML file and the amount of time to load the page. To eliminate these drawbacks, ASP.NET provides a disabling feature that does not enable view state at various levels. However, view state information for a Web page or control is not retained when the view state is disabled at the page level.
  
  
  • Control State: View state information of a custom control for a Web page can be stored by using the ControlState property, instead of using the ViewState property of the Web page. The ControlState property retains control property information during multiple round trips to the server. The control state data is specific to a custom control and is retained even if the view state is disabled at the page level.
  
  
  • Hidden Fields: A hidden field is used to store ViewState state information in a Web page in a HiddenField control. The control is rendered as an HTML element. A hidden field contains information that does not display on a Web page. However, it is sent to the Web server along with the page postbacks.
    
    However, this technique has some drawbacks. Users cannot see the hidden fields on the Web page. Instead, they can only see the values of the hidden fields from the HTML source page. Therefore, only properties can be set in the hidden field. A hidden field can hold only a single value. Therefore, several such hidden fields will be required to store structured values such as records of a customer.
  
  
  • Cookies: A cookie is a client-based technique and is a small packet of information that stores key-value pairs at the client-side. The information is associated with a specific domain and is sent along with the client request on a Web browser. Cookies store preferences of users and provide them with personalized browsing experience.
    
    However, there are some limitations regarding this technique. Most Web browsers restrict the information size in a cookie. Some users do not accept cookies while configuring their browsers whereas, some users request the Web browser to persist cookies only for a specified period, so that the browser cannot use its own rules for cookie expiration. The cookies stored at the client-side are not secure, as a user may tamper with the information received from them.
  
  
  • Query Strings: A query string is a client-based technique that maintains state information stored in a query string by appending it to the URL of a Web page. The actual URL separates the state information by a question mark '?'. The state data is represented by a set of key-value pairs, each of which is separated by an ampersand character. The following is the HTML element tag for a query string on a Web page:
    
    WebPage.aspx?ID=query_string
    
    For example: http://www.amrsaafan.net/query.aspx?FirstName=Amr&LastName=Saafan&City=Cairo&Country=Egypt
    
    The query string technique is simple to use and is widely used when small amount of information is required in a Web page's URL. However, there are certain drawbacks for using this type of technique. Most Web browsers limit the amount of state information in a query string to 256 characters. Data stored in a query string does not support structured data values. Data stored in a query string is also not secured, as it is visible to a user on a Web page.


• Server-based Technique for State Management: Server-based techniques maintain the state of a Web page by storing information on a server. The server stores state information and also tracks the client information by using the client-side techniques for state management.
  The following are server-based techniques for state management:
  
  
  • Application State.
  • Session State.
  • Profile Properties.

Quoted.