Tuesday, December 18, 2012

State Management in ASP.NET

State Management Options

  1. Save state in a hidden field on the page.
  2. Use the URL GET query string.
  3. Use cookies.
  4. Use session tracking.
Hidden Fields
Putting the state into hidden fields on the HTML page.
  • Compatible with all browsers.
  • Cannot be blocked by the user without blocking the entire form.
  • Cannot be manipulated/corrupted by user.
  • State deleted as soon as user closes browser/leaves site.
  • Large state data will slow transmission to and from server.
  • Easily read unless encrypted.
  • Lost if the user goes to a normal (non-posted) page.
Putting the state in the URL query string.
  • Compatible with all browsers.
  • Very simple and easy to add to any page (no form needed).
  • State deleted as soon as user closes browser/leaves site.
  • State becomes highly visible to user and anyone else.
  • Must convert (serialize) state to strings (name-value pairs).
  • Limited storage (max allowed URL length is around 2K).
  • Lost if user goes to a page outside of the application.
Putting the state in browser side cookies.
  • Stays around for the lifetime of the application (can be stored permanently by setting an expiration time).
  • Less visible than URL and hidden fields.
  • Limited storage (around 4K).
  • Still requires state to be converted into a string.
  • User can block cookies via browser settings.
Putting the state in server side database.
  • Very secure.
  • Cannot be blocked by client.
  • Can use an in-memory database for speed.
  • Can store lots of data and keep it in original form.
  • Scalability issues: server must store state for all clients.
  • Must use timeouts to detect and clean up dead sessions.
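
State kept in a hidden field, query string or cookie travels through the browser on every round trip, so the server can attach a keyed MAC to it and reject any value that comes back changed. The following is an added example, not code from the original post: `StateProtector`, `Protect` and `TryUnprotect` are hypothetical names, the state string is constructed, and the key is assumed to be a secret that stays on the server.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
public static class StateProtector   // hypothetical helper, not an ASP.NET API
{
    // Returns "base64(state).base64(tag)" for a hidden field or cookie value.
    public static string Protect(string state, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(state);
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // Gives back the state only when the tag matches what the server computes.
    public static bool TryUnprotect(string token, byte[] key, out string state)
    {
        state = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, tag;
        try { data = Convert.FromBase64String(parts[0]); tag = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(key))
            if (!FixedTimeEquals(hmac.ComputeHash(data), tag)) return false;
        state = Encoding.UTF8.GetString(data);
        return true;
    }

    // Compares every byte so timing does not reveal where the tags differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = new byte[32];   // demo key; a real one must persist across requests
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string token = Protect("cartId=42;role=user", key);   // constructed sample state
        // Same tag, different payload: what a value edited in the browser looks like.
        string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes("cartId=42;role=admin")) + token.Substring(token.IndexOf('.'));
        string s;
        Console.WriteLine("unchanged value accepted: " + TryUnprotect(token, key, out s));
        Console.WriteLine("edited value accepted:    " + TryUnprotect(edited, key, out s));
    }
}
```

The tag only detects changes; the state is still readable by the user unless it is also encrypted. A token placed in a query string needs URL-encoding, since standard Base64 contains `+`, `/` and `=`.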
