| Printable Version
State Management in
ASP.NET
By Eric Zheng
Web form pages are HTTP-Based, they are stateless,
which means they don’t know whether the requests are all from the same
client, and pages are destroyed and recreated with each round trip to the
server, therefore information will be lost, therefore state management is really
an issue in developing web applicationsWe
could easily solve these problems in ASP with cookie, query string, application,
session and so on. Now in ASP.NET, we still can use these functions, but they
are richer and more powerful, so let’s dive into
it.Mainly there are two different ways to
manage web page’s state: Client-side and
Server-side.1.Client-side state
management : There is no information
maintained on the server between round trips. Information will be stored in the
page or on the client’s computer.A.
Cookies.A cookie is a small amount of data
stored either in a text file on the client's file system or in-memory in the
client browser session. Cookies are mainly used for tracking data settings.
Let’s take an example: say we want to customize a welcome web page, when
the user request the default web page, the application first to detect if the
user has logined before, we can retrieve the user informatin from
cookies:[c#]if
(Request.Cookies[“username”]!=null)
lbMessage.text=”Dear
“+Request.Cookies[“username”].Value+”, Welcome shopping
here!”;else
lbMessage.text=”Welcome shopping
here!”;If you want to store
client’s information, you can use the following
code:[c#]Response.Cookies[“username’].Value=username;So
next time when the user request the web page, you can easily recongnize the user
again.
B. Hidden Field
A hidden field does not render visibly in the browser,
but you can set its properties just as you can with a standard control. When a
page is submitted to the server, the content of a hidden field is sent in the
HTTP Form collection along with the values of other controls. A hidden field
acts as a repository for any page-specific information that you would like to
store directly in the page. Hidden field stores a single variable in its
value property and must be explicitly added it to the
page.
ASP.NET provides the HtmlInputHidden
control that offers hidden field functionality.
[c#]
protected
System.Web.UI.HtmlControls.HtmlInputHidden
Hidden1;
//to assign a value to Hidden
field
Hidden1.Value=”this is a
test”;
//to retrieve a value
string
str=Hidden1.Value;
Note: Keep in mind, in order
to use hidden field, you have to use HTTP-Post method to post web page.
Although its name is ‘Hidden’, its value is not hidden, you can see
its value through ‘view source’ function.
C. View State
Each control on a Web Forms page, including the page
itself, has a ViewState property, it is a built-in struture for automatic
retention of page and control state, which means you don’t need to do
anything about getting back the data of controls after posting page to the
server.
Here, which is useful to us is the
ViewState property, we can use it to save information between round trips to the
server.
[c#]
//to save
information
ViewState.Add(“shape”,”circle”);
//to
retrieve information
string
shapes=ViewState[“shape”];
Note:
Unlike Hidden Field, the values in ViewState are invisible when ‘view
source’, they are compressed and encoded.
D. Query Strings
Query strings provide a simple but limited way of
maintaining some state information.You can easily pass information from one page
to another, But most browsers and client devices impose a 255-character limit on
the length of the URL. In addition, the query values are exposed to the Internet
via the URL so in some cases security may be an issue.
A URL with query strings may look like
this:http://www.examples.com/list.aspx?categoryid=1&productid=101When
list.aspx is being requested, the category and product information can be
obtained by using the following
codes:[c#]string
categoryid,
productid;categoryid=Request.Params[“categoryid”];productid=Request.Params[“productid”];Note:
you can only use HTTP-Get method to post the web page, or you will never get the
value from query strings.2.
Server-side state management:Information will
be stored on the server, it has higher security but it can use more web server
resources.
The Application object provides a mechanism for
storing data that is accessible to all code running within the Web application,
The ideal data to insert into application state variables is data that is shared
by multiple sessions and does not change often.. And just because it is visible
to the entire application, you need to used Lock and UnLock pair to avoid having
conflit value.
[c#]
Application.Lock();
Application[“mydata”]=”mydata”;
Application.UnLock();
B. Session object
Session object can be used for storing
session-specific information that needs to be maintained between server round
trips and between requests for pages. Session object is per-client basis, which
means different clients generate different session object.The ideal data to
store in session-state variables is short-lived, sensitive data that is specific
to an individual session.Each active ASP.NET
session is identified and tracked using a 120-bit SessionID string
containing URL-legal ASCII characters. SessionID values are generated
using an algorithm that guarantees uniqueness so that sessions do not collide,
and SessionID’s randomness makes it harder to guess the session ID of an
existing session.SessionIDs are
communicated across client-server requests either by an HTTP cookie or a
modified URL, depending on how you set the application's configuration settings.
So how to set the session setting in application configuration? Ok, let’s
go further to look at it.Every web application
must have a configuration file named web.config, it is a XML-Based file, there
is a section name ‘sessionState’, the following is an
example:<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"
/>‘cookieless’ option can be
‘true’ or ‘false’. When it is
‘false’(default value), ASP.NET will use HTTP cookie to identify
users. When it is ‘true’, ASP.NET will randomly generate a unique
number and put it just right ahead of the requested file, this number is used to
identify users, you can see it on the address bar of
IE:http://localhost/Management/(2yzakzez3eqxut45ukyzq3qp)/Default.aspxOk,
it is further enough, let is go back to session
object.[c#]//to
store
informationSession[“myname”]=”Mike”;//to
retrieve
informationmyname=Session[“myname”];
C. Database
Database enables you to store large amount of
information pertaining to state in your Web application. Sometimes users
continually query the database by using the unique ID, you can save it in the
database for use across multiple request for the pages in your
site.
Summary
ASP.NET has more functions and utilities than ASP to
enable you to manage page state more efficient and effective. Choosing among the
options will depand upon your application, you have to think about the following
before making any choose:
- How much information do you need to store?
- Does the client accept persistent or in-memory cookies?
- Do you want to store the information on the client or
server?
- Is the information sensitive?
- What kind of performance experience are you expecting
from your pages?
Client-side state
management summary
|
Method
|
Use when
|
|
Cookies
|
You need to store small amounts of information on the
client and security is not an issue.
|
|
View state
|
You need to store small amounts of information for a
page that will post back to itself. Use of the ViewState property does
supply semi-secure functionality.
|
|
Hidden fields
|
You need to store small amounts of information for a
page that will post back to itself or another page, and security is not an
issue.
Note You can use a hidden field
only on pages that are submitted to the server.
|
|
Query string
|
You are transferring small amounts of information from
one page to another and security is not an issue.
Note You can use query strings
only if you are requesting the same page, or another page via a link.
|
Server-side state management
summary
Method
|
Use when
|
|
Application state object
|
You are storing infrequently changed, application-scope
information that is used by many users, and security is not an issue. Do not
store large quantities of information in an application state
object.
|
|
Session state object
|
You are storing short-lived information that is specific
to an individual session, and security is an issue. Do not store large
quantities of information in a session state object. Be aware that a session
state object will be created and maintained for the lifetime of every session in
your application. In applications hosting many users, this can occupy
significant server resources and affect scalability.
|
|
Database support
|
You are storing large amounts of information, managing
transactions, or the information must survive application and session restarts.
Data mining is a concern, and security is an issue.
|
Developing ASP.NET programme is really funny, once you
jump into it, you can feel the power of it. Next time let us talk about another
topic: Cache. Enjoy .Net!!
|
