Types of State Management
- Client-side state management
- View state. Enabled by default, can be turned off at page-level
- Control state. Similar to View state except that it’s at control-level
- Hidden fields.
- Cookies. Small piece of text, can be expired, can be refused by users/browsers
- Query strings. Attached to URL, used by HTTP GET.
- Server-side state management
- Application state. Application wide, multiple users.
- Session state. Application wide, single user, can expire, configured by web.config
- Profile Properties. Similar to session state, but profile data is not lost when session ends.
- Database support.
When To Use What?
Consider these criteria:
- How much information do you need to store?
- Does the client accept persistent or in-memory cookies?
- Do you want to store the information on the client or on the server?
- Is the information sensitive?
- What performance and bandwidth criteria do you have for your application?
- What are the capabilities of the browsers and devices that you are targeting?
- Do you need to store information per user?
- How long do you need to store the information?
- Do you have a Web farm (multiple servers), a Web garden (multiple processes on one machine), or a single process that serves the application?
|View state||Use when you need to store small amounts of information for a page that will post back to itself. Using the ViewState property provides functionality with basic security.|
|Control state||Use when you need to store small amounts of state information for a control between round trips to the server.|
|Hidden fields||Use when you need to store small amounts of information for a page that will post back to itself or to another page, and when security is not an issue.Note
You can use a hidden field only on pages that are submitted to the server.
|Cookies||Use when you need to store small amounts of information on the client and security is not an issue.|
|Query string||Use when you are transferring small amounts of information from one page to another and security is not an issue.Note
You can use query strings only if you are requesting the same page, or another page via a link.
|Application state||Use when you are storing infrequently changed, global information that is used by many users, and security is not an issue. Do not store large quantities of information in application state.|
|Session state||Use when you are storing short-lived information that is specific to an individual session and security is an issue. Do not store large quantities of information in session state. Be aware that a session-state object will be created and maintained for the lifetime of every session in your application. In applications hosting many users, this can occupy significant server resources and affect scalability.|
|Profile properties||Use when you are storing user-specific information that needs to be persisted after the user session is expired and needs to be retrieved again on subsequent visits to your application.|
|Database support||Use when you are storing large amounts of information, managing transactions, or the information must survive application and session restarts. Data mining is a concern, and security is an issue.|
Advantages of Client Side State Management
- Better scalability
- Support for multiple browser
Advantages of Server Side State Management
- Better security
- Reduced bandwidth
- A Beginner’s Tutorial on ASP.NET State Management
- ASP.NET State Management Overview
- ASP.NET State Management Recommendations