Beginner's Guide To View State

Table of Contents

• Introduction
• What is state management ?
• Different types of state management?
• What is view state ?
• Advantages of view state ?
• Disadvantages of view state ?
• When we should use view state ?
• When we should avoid view state?
• Where is view state stored ?
• How to store object in view state ?
• How to trace your view state information?
• Enabling and Disabling View State
• How to make view state secure?
• Some Important Points

Introduction

First of all I want to thank Sean Ewington for his great initiative to write Beginner's Walk for Web Development article. I have decided to write some articles on state management There are a few article on Code project on State Management, basically on Session, Caching, Cookies, etc. Though all are very good article, still I have planned for write some article on state management. and I believe that should definitely helps to all the Beginners. And I have organized the content in a way that it would be helpful to not only beginners also to advance user also.

In this article, I will cover the fundamentals of State Management and Details of View State.

What is state management?

Web is Stateless. It means a new instance of the web page class is re-created each time the page is posted to the server. As we all know HTTP is a stateless protocol, its can't holds the client information on page. As for example , if we enter a text and client on submit button, text does not appear after post back , only because of page is recreated on its round trip.

As given in above pages, page is recreated before its comes to clients and happened for each and every request. So it is a big issue to maintain the state of the page and information for a web application. That is the reason to start concept of State Management. To overcome this problem ASP.NET 2.0 Provides some features like View State, Cookies, Session, Application objects etc. to manage the state of page.

There are some few selection criteria to selected proper way to maintain the state, as there are many way to do that. Those criteria are:

• How much information do you need to store?
• Does the client accept persistent or in-memory cookies?
• Do you want to store the information on the client or on the server?
• Is the information sensitive?
• What performance and bandwidth criteria do you have for your application?
• What are the capabilities of the browsers and devices that you are targeting?
• Do you need to store information per user?
• How long do you need to store the information?
• Do you have a Web farm (multiple servers), a Web garden (multiple processes on one machine), or a single process that serves the application?

So, when ever you start to think about state management, you should think about above criteria. based on that you can choose the best approaches for manages state for your web application.

Different types of state management?

There are two different types of state management:

1. Client Side State Management
   • View State
   • Hidden Field
   • Cookies
   • Control State
2. Server Side State Management
   • Session
   • Application Object
   • Caching
   • Database

Client Side state management does not use any server resource , it store information using client side option. Server Side state management use server side resource for store data. Selection of client side and server side state management should be based on your requirements and the selection criteria that are already given.

What is view state?

View State is one of the most important and useful client side state management mechanism. It can store the page value at the time of post back (Sending and Receiving information from Server) of your page. ASP.NET pages provide the ViewState property as a built-in structure for automatically storing values between multiple requests for the same page.

Example:

If you want to add one variable in View State,

 ViewState["Var"]=Count;

For Retrieving information from View State

string Test=ViewState["TestVal"];

Sometimes you may need to typecast ViewState Value to retreive. As I give an Example to strore and retreive object in view state  in the last of  this article.

Advantages of view state?

This are the main advantage of using View State:

• Easy to implement
• No server resources are required
• Enhanced security features ,like it can be encoded and compressed.

Disadvantages of view state?

This are the main disadvantages of using View State:

• It can be performance overhead if we are going to store larger amount of data , because it is associated with page only.
• Its stored in a hidden filed in hashed format (which I have discussed later) still it can be easily trapped.
• It does not have any support on mobile devices.

When we should use view state?

I already describe the criteria of selecting State management. A few point you should remember when you select view state for maintain your page state.

• Size of data should be small , because data are bind with page controls , so for larger amount of data it can be cause of performance overhead.
• Try to avoid storing secure data in view state

When we should avoid view state?

You won't need view state for a control for following cases,

• The control never change
• The control is repopulated on every postback
• The control is an input control and it changes only of user actions.

Where is view state stored?

View State stored the value of page controls as a string which is hashed and encoded in some hashing and encoding technology. It only contain information about page and its controls. Its does not have any interaction with server. It stays along with the page in the Client Browser. View State use Hidden field to store its information in a encoding format.

Suppose you have written a simple code , to store a value of control:

ViewState["Value"] = MyControl.Text;

Now, Run you application, In Browser, RighClick > View Source , You will get the following section of code

Fig : View state stored in hidden field

Now , look at the value. looks likes a encrypted string, This is Base64 Encoded string, this is not a encoded string. So it can easily be decoded. Base64 makes a string suitable for HTTP transfer plus it makes it a little hard to read . Read More about Base64 Encoding . Any body can decode that string and read the original value. so be careful about that. There is a security lack of view state.

How to store object in view state?

We can store an object easily as we can store string or integer type variable. But what we need ? we need to convert it into stream of byte. because as I already said , view state store information in hidden filed in the page. So we need to use Serialization. If object which we are trying to store in view state ,are not serializable , then we will get a error message .

Just take as example,

//Create a simple class and make it as Serializable
[Serializable]
public class student
{
    public int Roll;
    public string Name;
    public void AddStudent(int intRoll,int strName)
      {
        this.Roll=intRoll;
        this.Name=strName;
           }
}

Now we will try to store object of "Student" Class in a view state.

 //Store Student Class in View State
student _objStudent = new student();
_objStudent.AddStudent(2, "Abhijit");
ViewState["StudentObject"] = _objStudent;

//Retrieve Student information view state
 student _objStudent;
_objStudent = (student)ViewState["StudentObject"]; 

How to trace your view state information?

If you want to trace your view state information, by just enable "Trace" option of Page Directive

Now Run your web application, You can view the details of View State Size along with control ID in Control Tree Section. Don't worry about "Render Size Byte" , this only the size of rendered control.

Enabling and Disabling View State

You can enable and disable View state for a single control as well as at page level also. To turnoff view state for a single control , set EnableViewState Property of that control to false. e.g.:

TextBox1.EnableViewState =false;

To turnoff the view state of entire page, we need to set EnableViewState to false of Page Directive as shown bellow.

Even you disable view state for the entire page , you will see the hidden view state tag with a small amount of information, ASP.NET always store the controls hierarchy for the page at minimum , even if view state is disabled.

For enabling the same, you have to use the same property just set them as True

as for example, for a single control we can enabled view state in following way,

TextBox1.EnableViewState =true;

and for a page level,

How to make view state secure?

As I already discuss View state information is stored in a hidden filed in a form of Base64 Encoding String, and it looks like:

Many of ASP.NET Programmers assume that this is an Encrypted format, but I am saying it again, that this is not a encrypted string. It can be break easily. To make your view state secure, There are two option for that,

• First, you can make sure that the view state information is tamper-proof by using "hash code". You can do this by adding "EnableViewStateMAC=true" with your page directive. MAC Stands for "Message Authentication Code"

A hash code , is a cryptographically strong checksum, which is calculated by ASP.NET and its added with the view state content and stored in hidden filed. At the time of next post back, the checksum data again verified , if there are some mismatch, Post back will be rejected. we can set this property to web.config file also.

• Second option is to set ViewStateEncryptionMode="Always" with your page directives, which will encrypt the view state data. You can add this in following way

It ViewStateEncryptionMode has three different options to set:

• Always
• Auto
• Never

Always, mean encrypt the view state always, Never means, Never encrypt the view state data and Auto Says , encrypt if any control request specially for encryption. For auto , control must call Page.RegisterRequiresViewStateEncryption() method for request encryption.

we can set the Setting for "EnableViewStateMAC" and ViewStateEncryptionMode" in web.config also.

Note : Try to avoid View State Encryption if not necessary , because it cause the performance issue.

Some Important Points

Questions	Answer
Client Side or Server Side ?	Client Side
Use Server Resource ?	No
Easy to implement ?	Yes
Cause Performance Issue ?	For heavy data and case of encryption & decryption
Support Encryption Decryption?	Yes
Can store objects ?	Yes, but you need to serialize the class.
Timeout	No

That's all for view state. Hope you have enjoyed this article, please don't forget to give me your valuable suggestions. If anything need to update or changed please post your comments and please give me suggestion.

Reference

• MSDN Reference

History

Written on Saturday, 29^th November, 2008

Small Correction on Monday December 2008

You must Sign In to use this message board.

FAQ  Noise Tolerance Very HighHighMediumLowVery Low  Search Messages    Layout Expand All MessagesThread ViewNo Javascript (slow)No Javascript Preview    Per page 102550

Msgs 1 to 25 of 51 (Total in Forum: 51) (Refresh) FirstPrevNext

Congratulations again Brij 22:05 22 Dec '08   Congratulations again buddy for winning the prize in two consecutive month.Congrats Man. Cheers!! Brij Sign In·View Thread·PermaLink Re: Congratulations again Abhijit Jana 22:11 22 Dec '08   Thanks Brij. cheers, Abhijit Sign In·View Thread·PermaLink Congratulation Sameer NIGAM 21:51 22 Dec '08   Congratulation Abhijit for winning the context. well done. Samir NIGAM My Articles Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: Congratulation Abhijit Jana 22:04 22 Dec '08   Thanks Sameer !!! cheers, Abhijit Sign In·View Thread·PermaLink And here's some ways to replace the View State : h_c_d 9:16 22 Dec '08   I love your article. The View State is one of those things that is invented to make life easier, but is abused a lot. So i wrote an article that sheds some light on what impact the View State can have on your page size when improperly used, and also how the View State can easily be replaced ! Check it out at : http://www.qsoft.be/post/Cutting-the-cancer-called-View-State.aspx Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: And here's some ways to replace the View State : Abhijit Jana 18:25 22 Dec '08   h_c_d wrote: I love your article. Thanks !! Thanks for the info cheers, Abhijit Sign In·View Thread·PermaLink Re: And here's some ways to replace the View State : Leblanc Meneses 4:46 23 Dec '08   I think the recommend approach to reduce viewstate impact on the client is simply to implement a custom: viewstate provider. http://www.codeproject.com/KB/viewstate/ViewStateProvider.aspx[^] -lm Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: And here's some ways to replace the View State : h_c_d 5:05 23 Dec '08   Although a nice article, it's not really the same. The technique in the mentioned article does not replace the View State, it just saves the View State in another medium, eg the database. But I admit, if the ultimate goal is to makes the pages smaller, it can be a great solution Sign In·View Thread·PermaLink Excellent work Dr.Luiji 12:03 18 Dec '08   Thanks for this info with us. Dr.Luiji Trust and you'll be trusted. Try iPhone UI [^] a new fresh face for your Windows Mobile, here on Code Project. Sign In·View Thread·PermaLink 4.20/5 (2 votes) Re: Excellent work Abhijit Jana 19:23 18 Dec '08   Thanks !! cheers, Abhijit Sign In·View Thread·PermaLink helpful longyzu 3:31 18 Dec '08   the article is very helpful to me, but i still have a problem, is there any diffrence between view state and hidden area, which one is better Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: helpful Abhijit Jana 3:44 18 Dec '08   longyzu wrote: the article is very helpful to me Nice to know its helps you longyzu wrote: but i still have a problem, is there any diffrence between view state and hidden area, which one is better Just Read This one[^] Thanks again !!! Thanks for voting Hope This will also help you Beginner's Guide To Asp.Net Application Folder[^] cheers, Abhijit Sign In·View Thread·PermaLink Thanks Alegar_Lee 14:35 15 Dec '08   Thanks so much . It's very helpful for me .Last night after i read your article, I translated it into chinese and published in my blog(msn). Hope you don't mind. Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: Thanks Abhijit Jana 20:17 15 Dec '08   Alegar_Lee wrote: Thanks so much . It's very helpful for me . Nice to knwo its helps you!! Alegar_Lee wrote: Last night after i read your article, I translated it into chinese and published in my blog(msn). Ohhhh..Great...May I have that link of your blog that I can check how its looks like in chinese. Alegar_Lee wrote: Hope you don't mind cheers, Abhijit My Recent Article : Beginner's Guide to ASP.NET Application Folder Sign In·View Thread·PermaLink Re: Thanks Alegar_Lee 1:19 16 Dec '08   This is the link: http://cid-1dadbd864313f55a.spaces.live.com/blog/cns!1DADBD864313F55A!155.entry[^] Translation may be not accurate enough,but i will do better. Sign In·View Thread·PermaLink Re: Thanks Abhijit Jana 4:24 16 Dec '08   Ohhhh..My god . I am gone through this article But I am only able to understand anything except english part Again !!! Thanks a lot n to choose my article to translate it to Chinees . cheers, Abhijit My Recent Article : Beginner's Guide to ASP.NET Application Folder Sign In·View Thread·PermaLink ViewState Vs. Session? thund3rstruck 16:58 8 Dec '08   Can you elaborate on the difference between storing objects in ViewState Vs. the Session? I always use Sessions and I'm wondering if it makes more sense to use ViewState instead. Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: ViewState Vs. Session? Abhijit Jana 19:19 8 Dec '08   ViewState is ClientSide StateManagement, which store Serializable object in a hidden filed and its persisted accross the postback by a single page. And its keeps value until until you redirect to next page. On the other hand , Session is ServerSide StateManagement, which store values in server memory and persist accross the multiple page of same site by the same user until session timeout or you remove the session programmaticaly. Hope This clears your doubts !!! cheers, Abhijit My Recent Article : Beginner's Guide to ASP.NET Application Folder Sign In·View Thread·PermaLink 5.00/5 (4 votes) Re: ViewState Vs. Session? thund3rstruck 3:44 9 Dec '08   Makes perfect sense; Thanks! Sign In·View Thread·PermaLink Re: ViewState Vs. Session? Abhijit Jana 4:45 9 Dec '08   Nice to know its helps you!!! cheers, Abhijit My Recent Article : Beginner's Guide to ASP.NET Application Folder Sign In·View Thread·PermaLink Re: ViewState Vs. Session? PanayotisMatsinopoulos 21:10 22 Dec '08   Hi, That was a good article. However, SessionState is NOT a SERVER SIDE STATE MANAGEMENT. It is either CLIENT SIDE or SERVER SIDE depending on the method you use to save Session Data. This is configured in your web.config file. <sessionstate mode="..."> where "...." takes one of the values "Custom, InProc, Off, SqlServer, StateServer". If you choose "InProc" then the session state does not involve server. It stores the session data on client side cookies. If you choose SqlServer or StateServer then it is a server side storage of session data. BR Panayotis Matsinopoulos Sign In·View Thread·PermaLink Re: ViewState Vs. Session? Abhijit Jana 23:08 22 Dec '08   PanayotisMatsinopoulos wrote: That was a good article. Thanks a Lot !! PanayotisMatsinopoulos wrote: SessionState is NOT a SERVER SIDE STATE MANAGEMENT. No !!! Session is Server Side State Management. PanayotisMatsinopoulos wrote: It is either CLIENT SIDE or SERVER SIDE depending on the method you use to save Session Data. This is configured in your web.config file. where "...." takes one of the values "Custom, InProc, Off, SqlServer, StateServer". All those modes store data in server side. PanayotisMatsinopoulos wrote: If you choose "InProc" then the session state does not involve server. It stores the session data on client side cookies. If you choose SqlServer or StateServer then it is a server side storage of session data. I think I will clear all of your doubts in my Session Article. So please wait for few weeks. It's in the Queue. Any way .. Check This one also BNeginner's Gudie to Asp.Net Cookies[^] cheers, Abhijit Sign In·View Thread·PermaLink Re: ViewState Vs. Session? Leblanc Meneses 5:00 23 Dec '08   Sessions expire(you have some control to expiration but most often there is a limit), secure ViewState don't expire from start to end (from initial page load to continuous postbacks), you should approach data from viewstate as being tampered and available as plain text. Say i wanted to create a wizard in asp.net since sessions expire by the end of the wizard i could potentially loose values user needed to persist. by using viewstate i can push an object to viewstate to hold user entered data for the wizard. The individual can leave for days and still finish the wizard. in the past viewstate was used by controls but now there is control state which cannot be turned off. Controls need to persist there current state (panels visible/closed) and any other value that cannot be interpreted by parser or has been modified to a different setting than what can be interpreted by aspx parser. -lm Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: ViewState Vs. Session? Abhijit Jana 5:25 23 Dec '08   O Great.. Thanks for your Contribution . cheers, Abhijit Sign In·View Thread·PermaLink Further Reading SmirkinGherkin 4:44 7 Dec '08   Nice article covering how to start controlling viewstate. Another, quite old article which goes into a lot of detail about exactly what is stored in the viewstate can be found at http://weblogs.asp.net/infinitiesloop/archive/2006/08/03/truly-understanding-viewstate.aspx. Sign In·View Thread·PermaLink 5.00/5 (1 vote)

Last Visit: Thursday, January 8, 2009 3:02 AM     Last Update:Thursday, January 8, 2009 3:02 AM 12 Next »