October 07, 2005

Web Forms State Management Part1: Client-Based State Management Options

Web pages are recreated each time the page is posted to the server. For example, if a user enters information into a text box, that information would be lost in the round trip from the browser or client device to the server. To overcome this inherent limitation of traditional Web programming, the ASP.NET page framework includes various options to help you preserve changes — that is, for managing state. The page framework includes a facility called view state that automatically preserves property values of the page and all the controls on it between round trips. However, you will probably also have application-specific values that you want to preserve. To do so, you can use one of the state management options.Client-Based State Management Options: - Storing information either in the page or on the client computer.
1. View State: - When the page is processed, the current state of the page and controls is hashed into a string and saved in the page as a hidden field. When the page is posted back to the server, the page parses the view state string at page initialization and restores property information in the page.To store information in view state: - ViewState["Time"] = DateTime.Today.ToLongDateString();
To retrieve information from view state: - Response.Write( (string) ViewState["Time"]);The advantages of using view state are:
- No server resources required. The view state is contained in a structure within the page code.
- Simple implementation.
- Automatic retention of page and control state.
- Enhanced security features. The values in view state are hashed, compressed, and encoded for Unicode implementations, thus representing a higher state of security than hidden fields have.
The disadvantages of using the view state are:
- Performance. Because the view state is stored in the page itself, storing large values can cause the page to slow down when users display it and when they post it.
- Security. The view state is stored in a hidden field on the page. Although view state stores data in a hashed format, it can be tampered with. The information in the hidden field can be seen if the page output source is viewed directly, creating a potential security issue.
2. Hidden Form Fields: - A hidden field does not render visibly in the browser, but you can set its properties just as you can with a standard control. When a page is submitted to the server, the content of a hidden field is sent in the HTTP Form collection along with the values of other controls.
Note: If you use hidden fields you must submit your pages to the server using the HTTP POST method rather than requesting the page via the page URL (the HTTP GET method).
The advantages of using hidden fields are:
- No server resources are required. The hidden field is stored and read from the page.
- Broad support. Almost all browsers and client devices support forms with hidden fields.
- Simple implementation.
The disadvantages of using hidden fields are:
- Security: - The information in the hidden field can be seen if the page output source is viewed directly
- Limited storage structure. Hidden fields offer a single value field in which to place information. To store multiple values, you must implement delimited strings and the code to parse those strings.
- Performance. Storing large values can cause the page to slow down
3. Cookies: - Useful for storing small amounts of frequently changed information on the client.
Note: Cookies are often used for personalization, where content is customized for a known user. In most of these cases, identification is the issue rather than authentication, so it is enough to merely store the user name, account name, or a unique user ID (such as a GUID) in a cookie and use it to access the user personalization infrastructure of a site.
The advantages of using cookies are:
- No server resources are required. It is stored on the client.
- Simplicity. The cookie is a lightweight, text-based structure with simple key-value pairs.
- Configurable expiration. The cookie can expire when the browser session ends, or it can exist indefinitely on the client computer, subject to the expiration rules on the client.
The disadvantages of using cookies are:
- Limited size. Most browsers place a 4096-byte limit on the size of a cookie
- User-configured refusal. Some users disable their browser or client device's ability to receive cookies
- Security. Users can manipulate cookies on their computer
- Durability. The durability of the cookie on a client computer is subject to cookie expiration processes on the client and user intervention.

Set Cookies HttpCookie MyCookie = new HttpCookie("LastVisit");
DateTime now = DateTime.Now;

MyCookie.Value = now.ToString();
MyCookie.Expires = now.AddHours(1);

Response.Cookies.Add(MyCookie);

4. Query Strings: - is information appended to the end of a page's URL. They are an easy way to pass information from one page to another page where it will be processed. Note Query strings are a viable option only when a page is requested via its URL. You cannot read a query string from a page that has been submitted to the server.
The advantages of using query strings are:
- No server resources required.
- Broad support. Almost all browsers and client devices support passing values in a query string.
- Simple implementation.
The disadvantages of using query strings are:
- Security. The information in the query string is directly visible to the user via the browser user interface. - Limited capacity. Most browsers and client devices impose a 255-character limit on URL length.

No comments:

Post a Comment