Hello, Im new in ASP.NET and have been reading about state management and have a couple of questions, it be great if someone could help me understand.

Im having trouble understanding the use of ViewState.
It is only limited to the current page, what kind of typical/common use would it be if you are storing information that is only limited to the page you are currently viewing?

Cookies are commonly used for storing preferences and the book warns that it is insecure and modified by users and also easily found. How come many websites store user name and password in cookies?

I understand that Session State is commonly used for shopping cart usage but Session State uses cookies and as I mentioned above isnt cookies insecure? Or does it only store in cookies the session ID?
I also read that session state can also be stored in SQL server, is this option more preferred?

Thanks for your help in answering these questions.

8 Years
Discussion Span
Last Post by greeny_1984

Hi there
Web form pages are HTTP-Based, they are stateless, which means they don’t know whether the requests are all from the same client, and pages are destroyed and recreated with each round trip to the server, therefore information will be lost, therefore state management becomes an important issue for a programmer

The two types of state management techniques are
1) Client-side state management in which data will be stored in the client machine to client browser
(ViewState, Cookies, QueryString and HiddenField)

2) Server-side state management in which data will be stored in the server machine and therefore is more secure
(Application State and Session State)

Now to your question about view state:

Each control on a Web Forms page, including the page itself, has a ViewState property, it is a built-in structure for automatic retention of page and control state, which means you don’t need to do anything about getting back the data of controls after posting page to the server. We normally use it to save information between round trips to the server.

Note that viewstate data is stored in client machine in compressed and encrypted form. So they have a some amount of (limited) security.

On the other hand a Cookie is a small amount of data stored either in a text file on the client's file system or in-memory in the client browser session. Cookies are mainly used for tracking data settings. For example: say we want to customize a welcome web page, when the user request the default web page, the application first to detect if the user has logined before, we can retrieve the user informatin from cookies:

Again Cookies are also stored in encoded

Session object can be used for storing session-specific information that needs to be maintained between server round trips and between requests for pages. Session object is per-client basis, which means different clients generate different session object.The ideal data to store in session-state variables is short-lived, sensitive data that is specific to an individual session.

Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do not collide, and SessionID’s randomness makes it harder to guess the session ID of an existing session.
SessionIDs are communicated across client-server requests either by an HTTP cookie or a modified URL, depending on how you set the application's configuration settings.

If you set the cookieless attribute of the sessionState element to "true" in your web.config to make your session cookieless

Before you go any further into session state in Sql Server, I recommend you to completly understand the overview first

Try this link for an overview about State Management


This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.