State Management In ASP.NET


Since HTTP is stateless protocol, all information associated with the page and the controls on the page would be lost with each round trip between client to server.

To overcome this limitation, ASP.NET includes several options that help you preserve data on page basis and an application basis.

There are basically 2 types of state management in ASP.NET:

  1. Server side state management
  2. Client side state management

Server side state management:

Session State:

Session state is stored in the Session key/value dictionary. Session is maintained per               user. You can save session either in-proc, on state server or on SQL server which can be         configured through web.config file.

Application State:

Like session state does, an Application state is also stored in a key/value dictionary that is     created during each request to a specific URL.

ASP.NET provides 3 events that resides in Global.asax which enable you to handle           application events namely Application_Start, Application_End and Application_Error.

Client side state management:

View State:

This saves all the values of the controls from the page on the webpage between a page         request. This means, viewstate of 1 page can not be accessible in some other                     page (Latest version of .net framework supports accessing viewstate of 1 page into some other page). When the page is processed, the current state of the page is hashed into a string and saved in the page as a hidden field.

Control State:

You may know that viewstate can be disabled from page. But suppose if we are working on a control and need to store control-state data in order for a control to work properly. In such cases, if we disable viewstate from the page, control will not function properly. To overcome this, control state is introduced. The Control State property allows you to persist property information that is specific to a control and cannot be turned off like the ViewState.

Hidden Fields:

ASP.NET allows you to store information in hidden fields. We can see value of a hidden field by viewing the HTML source code of a page. Since hidden fields are stored in plain text, it is recommended not to store sensitive information in it.


A cookie is just a plain text file, used by a browser & server to read and write values from it. We can store a small pieces of information in it. Again as it is a plain text file, it is recommended not to store sensitive information in it as user can manipulate it.

Query Strings:

A query string is data/information that is appended to the end of a page URL. It can be used to pass information from one page to another to even in the same page. It provides a simple but limited way to maintain state information as some browsers/client devices impose a 2083 character limit on the length of the URL. Since querystring is exposed to user, it is recommended not to store sensitive information in it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s