Since HTTP is stateless protocol, all information associated with the page and the controls on the page would be lost with each round trip between client to server.
To overcome this limitation, ASP.NET includes several options that help you preserve data on page basis and an application basis.
There are basically 2 types of state management in ASP.NET:
- Server side state management
- Client side state management
Server side state management:
Session state is stored in the Session key/value dictionary. Session is maintained per user. You can save session either in-proc, on state server or on SQL server which can be configured through web.config file.
Like session state does, an Application state is also stored in a key/value dictionary that is created during each request to a specific URL.
ASP.NET provides 3 events that resides in Global.asax which enable you to handle application events namely Application_Start, Application_End and Application_Error.
Client side state management:
This saves all the values of the controls from the page on the webpage between a page request. This means, viewstate of 1 page can not be accessible in some other page (Latest version of .net framework supports accessing viewstate of 1 page into some other page). When the page is processed, the current state of the page is hashed into a string and saved in the page as a hidden field.
You may know that viewstate can be disabled from page. But suppose if we are working on a control and need to store control-state data in order for a control to work properly. In such cases, if we disable viewstate from the page, control will not function properly. To overcome this, control state is introduced. The Control State property allows you to persist property information that is specific to a control and cannot be turned off like the ViewState.
ASP.NET allows you to store information in hidden fields. We can see value of a hidden field by viewing the HTML source code of a page. Since hidden fields are stored in plain text, it is recommended not to store sensitive information in it.
A cookie is just a plain text file, used by a browser & server to read and write values from it. We can store a small pieces of information in it. Again as it is a plain text file, it is recommended not to store sensitive information in it as user can manipulate it.
A query string is data/information that is appended to the end of a page URL. It can be used to pass information from one page to another to even in the same page. It provides a simple but limited way to maintain state information as some browsers/client devices impose a 2083 character limit on the length of the URL. Since querystring is exposed to user, it is recommended not to store sensitive information in it.