ASP.NET State Management techniques

State management is the process by which you maintain state and page information over multiple requests for the same or different pages. As is true for any HTTP-based technology, Web Forms pages are stateless, which means that they do not automatically indicate whether the requests in a sequence are all from the same client or even whether a single browser instance is still actively viewing a page or site. Furthermore, pages are destroyed and recreated with each round trip to the server; therefore page information will not exist beyond the life cycle of a single page.

Unlike a client-server application, there is no automatic storage of information from the previous browser page. Therefore the ASP.Net developer has to take steps to save important information from the post-back to the server.

In ASP.NET we have 4 methods of client state management.

  1. Query String
  2. Cookies
  3. Hidden Fields
  4. View State

and 3 methods for server state management

  1. Application state
  2. Session state
  3. Database

Client-Side State Management

The information is stored on the client side/browser without using the server resources. This type of implementation faster the whole process. The Implementation is very easy too.

In this technique, the page information is stored with the URL.The  URL, with a question mark ?, followed by a key-value pair. The main disadvantage is we can store a limited size of data.

A cookie is a small amount of data stored either in a text file on the client’s file system or in-memory in the client browser session. Cookies are mainly used for tracking data settings. The main disadvantage is users can disable cookies in their browsers.Hidden

Hidden fields are HTML controls, but are not visible to the user. It is the best way to store small amounts of frequently changed data on the client. The disadvantage is hidden field can be tampered with. The information in the hidden field can be seen if the page output source is viewed directly, creating a potential security issue.

Web Forms pages provide the ViewState property as a built-in structure for automatically retaining values between multiple requests for the same page. View state is maintained as a hidden field in the page. ViewState has advantages the other 3 methods don’t have. One of the most important is the ability of ViewState to support structured data. This means that control values are maintainable across page postbacks.The main disadvantage is we can’t persist data across multiple pages.

Server-Side State Management

The data in Server-side state management will be stored in the server. So the security will be very high.

Application State
The Application object provides a mechanism for storing data that is accessible to all code running within the Web application, The ideal data to insert into application state variables is data that is shared by multiple sessions and does not change often. And just because it is visible to the entire application, you need to used Lock and UnLock pair to avoid having conflict values.

Session State
ASP.NET provides a session state, available as the HttpSessionState class, as a method of storing session-specific information that is visible in the session only. Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do not collide, and SessionID’s randomness makes it harder to guess the session ID of an existing session.


In some cases, you may wish to use database support to maintain state on your Web site. Typically, database support is used in conjunction with cookies or session state. For example, it is quite common for an e-commerce Web site to maintain state information using a relational database for the following reasons:

  • Security
  • Personalization
  • Consistency
  • Data mining

Leave a Comment