ASP.NET State Management - Viewstate VS Session Variables
ViewState
vscount.aspx
private int count;
protected void Page_Load(object sender, EventArgs e)
{
count = Convert.ToInt32(ViewState["count"]);
}
protected void btnCount_Click(object sender, EventArgs e)
{
count++;
ViewState["count"] = count;
lblView.Text = ViewState["count"].ToString();
}
protected void btnView_Click(object sender, EventArgs e)
{
Response.Redirect("sesview.aspx");
}
sesview.aspx.cs
Response.Write(ViewState["count"]);
private int count;
protected void Page_Load(object sender, EventArgs e)
{
count = Convert.ToInt32(ViewState["count"]);
}
protected void btnCount_Click(object sender, EventArgs e)
{
count++;
ViewState["count"] = count;
lblView.Text = ViewState["count"].ToString();
}
protected void btnView_Click(object sender, EventArgs e)
{
Response.Redirect("sesview.aspx");
}
sesview.aspx.cs
Response.Write(ViewState["count"]);
1) View state values are accessible only with the same page, if you call other (sesview.aspx) page, those values are not accessible.
Count page is showing the value and the other page (sesview.aspx) is not displaying any value.
Go to the browser page source, you can see the "_VIEWSTATE" hidden field. get the hidden value, go to the Ignatu.co.uk website, copy it and
see the value (decoded value).
2) Viewstate information is stored in the client side in the hidden fields
3) Viewstate data is base64 encoded, so it is not safe to store any kind of sensitive information.
For example, if i store password, any body can easily decode the base64 encoded value. Base64 is not a encryption value.
Session Variables
sescount.aspx
private int count;
protected void Page_Load(object sender, EventArgs e)
{
count = Convert.ToInt32(Session["count"]);
}
protected void btnCount_Click(object sender, EventArgs e)
{
count++;
Session["count"] = count;
lblView.Text = Session["count"].ToString();
}
protected void btnView_Click(object sender, EventArgs e)
{
Response.Redirect("sesview.aspx");
}
sesview.aspx.cs
Response.Write(Session["count"]);
private int count;
protected void Page_Load(object sender, EventArgs e)
{
count = Convert.ToInt32(Session["count"]);
}
protected void btnCount_Click(object sender, EventArgs e)
{
count++;
Session["count"] = count;
lblView.Text = Session["count"].ToString();
}
protected void btnView_Click(object sender, EventArgs e)
{
Response.Redirect("sesview.aspx");
}
sesview.aspx.cs
Response.Write(Session["count"]);
1) Session variables can be accessed across pages.
2) Where does session variable store the data?
When use session variables, the actual data gets stored on the server
When use view state, the actual data gets stored on the client side inside the hidden field in the browser.
How does server identifies who's data is who's?
Session is private to a user, if data's getting stored on the server, server uses http protocol, definitely it doesn't know who's data is who's, but ASP.net taken care of this. For every user, ASP.net creates the key and with these key it identifies who's data is who's
Asp.net engine stores all the session variables on the server, but then it sends this key to browser or end user, this keys stores inside the the cookie file, cookie is nothing but just simple text file, which is created in the browser folder.
Go to browser (FF), select options, select privacy, select 'remove individual cookies', search 'localhost', you can see the ASP.NET_SessionID cookie name.
'Content' is the key, the key will be used to locate which data belongs to the client. So When this browser makes again connection to the server, this key also send with that request. So the server sees the key, and say yes, this is the key, this is the data which belongs to this key.
Session data is stored on the server and keys are stored in cookies files.
Session variable stores all the date on the server but one key send to the client side which resides in the cookie file and using the key to corelate the who'data is who's.
What if the end user goes and disable the cookie?
if the end user disable the cookie. Session varialble will not work
Click the count, it won't increment, so site will not function proper way.
how will session variable function?
There is one more method, go to web.config file, add <sessionState cookieless="AutoDetect"/>
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<sessionState cookieless="AutoDetect"/>
</system.web>
</configuration>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<sessionState cookieless="AutoDetect"/>
</system.web>
</configuration>
If the browser cookie is enable, then it is fine. if not, then go ahead and ensure that you send this data from the url.
Now You can see , the url is something different. how url is manipulated?
If cookie is disabled then the session id key passed via query string.
3)As data is stored on server, this is more secure compare to ViewState.
4)we can view ViewStateas a client side State manamgent techniques, We can view Session as a server side State management techniques
| Data Storage location | Browser hidden fields | On Server |
| Accessible | In the same page | Across pages |
| Uses cookies | no | yes, if cookies disables will use Quest String. |
MS Dynamics CRM Contributor
No comments:
Post a Comment