State Management


  • The ViewState property provides a dictionary object for retaining values between multiple requests for the same page only.
  • ViewState is lost if the user visits a different Web page, so it is useful only for temporarily storing values. They are saved in hidden fields.
  • The viewstate for all of the controls on the page will be stored in a single hidden control called __VIEWSTATE.

<input type=”hidden” name=”__VIEWSTATE” id=”__VIEWSTATE” value=”/wEPDwUKMTIxNDIyOTM0Mg9kFgICAw9kFgICAQ8PFgIeBFRleHQFEzQvNS8yMDA2IDE6Mzc6MTEgUE1kZGROWHn/rt75XF/pMGnqjqHlH66cdw==” />

We can encrypt viewstate to make it more difficult for attackers. To configure view state encryption:

At Application Level:



<pages viewStateEncryptionMode=”Always”/>



At Page level:

<%@ Page AutoEventWireup=”true” CodeFile=”Default.aspx.cs” Inherits=”_Default” ViewStateEncryptionMode=”Always”%>

View State is enabled by default, but we can disable it by setting the EnableViewState property for each web control to false.

Data Types You Can Store in View State



Boolean values

Array objects

ArrayList objects

Hash tables

Custom ViewState

ArrayList PageArrayList;

//Get value from ViewState

if (ViewState[“PageArrayList”] != null)


PageArrayList = (ArrayList)ViewState[“arrayListInViewState”];


//To saves into ViewState

ViewState.Add(“arrayListInViewState”, PageArrayList);


A query string is information sent to the server appended to the end of a page URL.

Benefits: –

• No server resources are required. The query string containing in the HTTP requests for a specific URL.

• All browsers support query strings.

Limitations: –

• Query string data is directly visible to user thus leading to security problems.

• Most browsers and client devices impose a 255-character limit on URL length.

If you have more than one query string then using “&” sign.


We can use the above queryString in C# as:

string loginType = Request.QueryString[“type”]

string userid = Request.QueryString[“uid”]

To access QueryString using javascript:


1. Persistent cookies are stored in text file at the client side. Non-Persistent cookies are stored in the RAM at client.
2. They are permanent cookies. They are destroyed when the browser is closed.
3. Session Id is not stored in them. Session Id is stored in non-persistent cookies.

Leave a comment

Filed under .Net

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s