Вы находитесь на странице: 1из 25


(viewstate, hidden field, control state, cookies & querystring)

What is the need of State Management ?

Let us assume that someone is trying to access a

banking website and he has to fill a form. So the person fills the form and submits it. After submission of the form, the person realizes he has made a mistake. So he goes back to the form page and he sees that the information he submitted is lost. So he again fills in the entire form and submits it again. This is quite annoying for any user. So to avoid such problems "STATE MANAGEMENT" acts as a savior for developers like us.


State Management can be defined as the technique or the way by which we can maintain / store the state of the page or application until the User's Session ends.

State Management Techniques

ASP.NET provides us with 2 ways to manage

the state of an application. It is basically divided into the 2 categories:

Client Side State Management Server Side State Management

Client Side State Management It is a way in which the information which is being added by the user or the information about the interaction

happened between the user and the server is stored on the client's machine or in the page itself. The server resources (e.g. server's memory) is not at all utilized during the process.

This management technique basically makes use of the following: View State Control State Hidden Fields Query String Cookies

View State
View State can be used to maintain the State at a page level/application level/control level.

The term "Page Level" means that the information is being stored for a specific page and until that specific page is active (i.e. the page which is being currently viewed by the user).
Once the user is re-directed or goes to some other page, the information stored in the View State gets lost. It basically makes use of a "Dictionary Object" to store data, which means that the information is stored in a key and value pair.


stores this information in a Hidden field on the page itself in a hashed format. > A View State can store a string value only of a specific length. If the length is exceeded then the excess information is stored in another hidden field. View state is the default way for storing the page or the control's information. Typically the View State is used, when we want a user to be re-directed to the same page and the information being added by the user remains persistent until the user is on the same page.

View State Settings

View State is customizable . We can set the View State at various levels like:

1. Setting View State at Application Level - If we want our pages in the Application to use view state, then we can enable it in the web.config file, as shown in the Code below. <configuration> <system.web> <pages enableViewState="true"> <compilation debug="false" targetFramework="4.0" /> </pages> </system.web> </configuration>

2. Setting View State at Page Level - If we want a specific page to use View State, then we can enable it in the @ Page Directive which is the first line of our aspx page. <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" EnableViewState="true"%>

3. Setting View State at Control Level - If we want a specific control to use View State, then we can enable it at a Control Level as follows:
<asp:TextBox ID="TextBox1" runat="server" EnableViewState=true></asp:TextBox>

Advantages of using a View State 1.It is very simple to use. 2.Data is stored in hashed format and hence a layman won't be able to understand the value of the View State (It still can be hacked by Hackers, so to make it more secure we should try to store the value in an encrypted format.). 3.It is customizable .

Disadvantages of using a View State

1.Information is not encrypted, so it can be easy for a Hacker to get its value. 2.Cannot be used to store sensitive data (eg: Passwords, Credit Card Pins, etc). 3.Might make a page heavy if lots of data is stored in View State.

Control State
Control state stores data which is stored in the

controls, they are as same as view state, but it is dedicated for controls. The ControlState property allows us to persist information as serialized data. The wiring is not automatic. We must program the persisted data each round trip
The ControlState data is stored in hidden fields

* The ControlState property allows us to persist property information that is specific to a control and cannot be turned off like the ViewState property.

Use control state only for small amounts of critical data that are essential for the control across postbacks. Do not use control state as an alternative to view state.

Hidden Field
ASP.NET provides a server control called "Hidden Field" which can be used to store a value at a page level, which is similar to a View State.

The value of the Hidden Field is sent along in the HTTP Form Collection along with the value of other controls.
Hidden form fields keep information, not visible in the

Web page, sent on form submit . ASP.NET Hidden Field is a control, which renders as a standard HTML hidden field A hidden field acts as a repository for any page-specific information that you want to store directly in the page. Not visible in the browser, but you can use it to store information directly in the page

A Hidden Field stores a value at a Page Level. A HiddenField control stores a single variable in its Value property and must be explicitly added to the page. <asp:hiddenfield id="ExampleHiddenField" value="Example Value" runat="server"/> IMP NOTE:-In order for hidden-field values to be available during page processing, you must submit the page using an HTTP POST command. If you use hidden fields and a page is processed in response to a link or an HTTP GET command, the hidden fields will not be available.

1.Very simple to use. 2.Hidden Fields store the value in the page itself, hence do not use server resources

1.Will make a page heavy, if too many Hidden Fields are used to store data. 2.Cannot store sensitive data, as the value that is stored is neither hashed, nor encrypted. 3. It is easy for a malicious user to see and modify the contents of a hidden field.

Query String
Also known as Parameterized Addresses. Query strings are just strings appended to a URL. All browsers support them and no server resources

are required. Setting the parameters in the URL of a page after the ?sign: http://asp.net/getstarted/default.aspx?tabid=61 Reading a query parameter: string selectedTabID = Request.QueryString["tabid"];

* Used to pass data from one page to another.

* Query strings provide a simple but limited way to maintain state information * Its almost weightless in the request & response because it couldn't handle objects of huge data . * It is Insecure, because malicious user can copy or change the address

Q. What is a Cookie ? A. * A small piece of information (up to 4KB) *Sent to a browser by the Web server *Saved locally at the client as a text file *Sent by the browser in all subsequent requests

Cookie Properties
Cookies in ASP.NET are represented by HttpCookie objects * Expires ~Sets when the validity of the cookie expires *Domain ~A domain to which the cookie belongs *Path ~Sets the top level directory to which the cookie belongs

Working With Cookies

*For Web applications System.Web.HttpCookie * For client applications System.Net.Cookie * HttpRequest.Cookies contains the cookies received by the server * HttpResponse.Cookies contains the cookies sent to the client

There are 2 ways of assigning / storing values in cookies.

1. Using the Request Object protected void Button1_Click(object sender, EventArgs e) { this.Request.Cookies["Username"].Value= TextBox1.Text.Trim(); } have made use of the Request object. The Cookies property of the HTTPResponse Object and the HTTPRequest Object can be used to assign values to the Cookies Collection and get values back from the Collection. We can also store multiple values in a cookie.

2. Using the HTTPCookies Object protected void Button1_Click(object sender, EventArgs e) { HttpCookie mycookie = new HttpCookie("Username", TextBox1); mycookie["Age"] = "22"; mycookie.Expires.AddHours(2); Response.Cookies.Add(mycookie); } Another way of adding values to a cookie is using the "HTTPCookie" class. Its constructor takes either 1 or 2 parameters. If you want your cookie to expire after a specified time then you can even set the expiration date for that cookie. And the last line "Response.Cookies.Add(myCookie)" will add that cookie to the Cookies Collection.

* Creating a cookie that will be sent to the client Web browser : HttpCookie cookie = new HttpCookie("UserName", "baj.ivan"); Response.Cookies.Add(cookie);

* Reading a cookie received at the server:

HttpCookie cookie = Request.Cookies["UserName"];

1.Very easy to use. 2.Stored on the client's machine, hence no server resources are utilized.

1.A user can disable cookies using browser settings. 2.Since the cookies are stored on the client's machine, there are chances that if the client's machine is hacked then the hacker can view these cookie values. Hence we should not store sensitive information in cookies.

Thank You !!!!!!