An Insight Into The State Management Techniques Offered By ASP.NET

There is a common constraint that can be observed in the functioning of almost all the web applications, which adds to their stateless behavior. It is the intermittent connection between the Server and the Client.

An Insight Into The State Management Techniques Offered By ASP.NET

What happens is, while implementing the HTTP (Hyper Text Transfer Protocol) for communicating over the web, a particular pattern is followed that is known as request and response. This pattern is actually stateless in nature as it doesn’t retains the state of any request or its corresponding response. Therefore whenever a client initiates a request to the web server, the web server creates a completely new object of the request. This ultimately causes interruption in the connection and creates bottlenecks in the performance.

Fortunately, the ASP.NET offers a great solution to overcome this issue with several effective state management techniques for web applications.

Let’s ponder into the amazing offerings of ASP.NET and understand how it helps retain the state of the controls.

It has been observed that when the request and response pattern creates the round trips, the server control value is somehow retailed while the HTML control value is vanished. This is because, the Sever Controls implicitly implement the State Management technique (View State), which has enabled it to retain the states.

ASP.NET offers a number of brilliant state management methods, all of them are meant for different applications. They are basically segregated under two broad categories, namely Client-based State Management and Server-based State Management. Here is a brief introduction to several techniques.

Client-based State Management

In this approach the data is stored on the client’s machine or on the page without involving the server’s resources. This stored data includes all the information related to the interaction between the client and the server. Since, the data is stored at the client’s end, it is more vulnerable to be hacked, thus making the techniques less secure while more scalable.

With this approach, ASP.NET facilitates the below mentioned methods:

1) View State:

This page-level method helps store the information about a particular page until it is active. That is, as soon as the user redirects to another page, all the stored info will get vanished. It thus helps maintain the state at a page level. In this technique, the data is stored in the Dictionary Object form (in the pair of a key and value). All the information is stored in a hashed format on the page itself, but within a hidden field. It can consume a string value but only up to a certain, if the value exceeds, another hidden field is consumed.

With ASP.NET, the View State is the default method that is followed for storing the state for web applications. It is quite simple to implement and is ideal for use when a user is redirected to the same page, and so we need to keep the information persistent until he himself redirects to some other page.

Pros of using View State:

  • Secure the stored info from layman by storing it in the hashed format. In fact to keep it safe from hackers, you can keep the information in an encrypted format.
  • You can customize it as and when desired.
  • It is a great option where you want to implement multiple post backs within a single web page.

Cons of using View State:

  • It is not a safe approach, so sensitive data can’t be stored with it.
  • It may cause overhead problems or increase loading time, by making the page heavy with a lot of info.
2) Cookies:

It offers great customization ease at the client’s side, as cookies are stored either in the memory during the client’s browser session or ao the client’s system. In fact, one can even store the info related to users and track the usage. It possesses a small text file with the maximum size of 4096 bytes, and a client machine can exhibit utmost 300 cookies, while a domain or server can support maximum 20 cookies.

Cookies are further divided into two categories, namely:

Persistent cookie – This kind of cookies exhibit an expiry date and are permanently saved on the hard drive available on the client’s machine. If there is no expiry date corresponding to persistent cookie, it will be considered as a transient or non-persistent cookie.

Non-persistent cookie or Transient cookie – Since, this kind of cookies are stored in the browser memory at client’s end for a temporary amount of time, after that specific time the cookie will get lost.

Pros of using Cookies:

  • It just consumes a few bytes of memory per cookie.
  • Easy and quite simple to use.

Cons of using Cookies:

  • It doesn’t offer a safe approach as it stores the info in client’s machine and thus storing sensitive data is not a viable choice.
  • Any user can disable the cookies by making appropriate tweaks at the browser settings.
3) Hidden Fields:

This is basically a server control, that helps manage the value on a page level and it is a bit similar to a View State. It value is sent via the HTTP Form Collection and along with it the value of other controls is also sent.

Pros of using Hidden Fields:

  • It is quite simple to use.
  • As the value is stored on the page only, the server resources are not used at all. Thus, the Hidden Fields saves the server resources.

Cons of using Hidden Fields:

  • If severals Hidden Fields will be implemented on a page, it will ultimately add weight to the page and make it bulkier and thus increase the page loading time.
  • This approach is not ideal for storing the sensitive data. Since, it doesn’t store the data in an encrypted or hashed format, this technique is not all secure.
4. Application State:

This state is perfect for storing the data that is required to be accessed throughout the application. It occupies the server resources, as it stores the data in the server memory. The Application state is not limited to any particular user or session, rather it is applicable to all the sessions and users. However, in this case the data will be retained only for the time till the application is running, as soon as the application will be terminated or restarted the entire stored data will be lost. In fact, it will also get wasted when a web server will be restarted, as the data is stashed at server’s end.

In the Application State, an object of the HttpApplicationState class is used to store the data. This class is a named object collection, which means that it includes the data of any type. It could be a part of a key/value pair.

Pros of Application State:

  • The Application State has global scope. The data can be accessed anytime when the application is running.
  • There no expiration period by default.

Cons of Application State:

  • Application State requires server resources to store data. This can lead to scalability issues if not handled properly.
  • Application State is not thread safe, so we need to implement Locks.
  • In the case of an application failure or restart, all the stored data is lost.
5. Session State:

This method is most commonly used by several developers for maintaining the application state. In this approach, the value is stored in the form of dictionary collection, that is, it is paired as key and value. Here the server resources are entirely used to store the state of the application. Since, the stored is not passed over to the clients, this technique offers a safe and highly secure method.

In this approach, a separate session with a Unique ID is generated for each user. As this ID is saved on the client’s system, cookies are used for its storage. The Session is killed as soon as the user logs out from the application, and if he returns back to the application in the future, a new session is then created.

It can be used in any of the four modes. Here are the modes:

  • OFF – To deactivate the session, that is, if you are not interested in including the session state in your application, you can set on the OFF mode.
  • InProc – The session variable are stored in this mode by default store. Here, the value is stored in the same process where the ASP.NET application is actually executing. It thus, delivers outstanding performance.
  • State Server – In this mode, the data is stored in a separate process inside the Windows Service. It thus isolates the two processes, one where application is running and second where the data is stored. Hence, its performance is not as good as that in the InProc mode.
  • SQL Server – Here Session data is stored in SQL Server. It’s hard to manage in the InProc mode with multiple server machines. For that, it is better to store the data in the SQL server only, it will make the data centrally accessible to all the machines. This mode offers utmost security, however, it delivers degraded performance.

These five are the most commonly used state management techniques for ASP.NET applications. Integrate that technique in your application which can ensure complete security to the data and speedy performance.

Visit us at



Leave a Comment