http://blog.csdn.net/zyw_anquan/article/details/7664132Application: The physical location of the storage: server-side memory. Storage type restriction: Any type, Application object can hold other objects. State uses the scope: the entire application. Storage size limit: any size. Life cycle: The application is created at the beginning and destroyed at the end of the application. Security and performance: High security (because it resides on the server side), cannot hold large amounts of data. Session features: InProc stateserver SQL Server Storage physical location: IIS (memory) Windows service process (memory) SQL Server database (disk) storage type restriction: Unrestricted size limit for type storage that can be serialized: Unrestricted use scope: Current request context, per-user independent life cycle: first access to site creation, time-out or abandon security: high (because it resides on the server side) Advantages: Fast speed Disadvantage: Serialization and deserialization consume CPU resource cookie characteristics: physical location of storage: Client , if it is a temporary cookie, exists in the browser's memory. In the case of a persistent cookie, it exists in the client's cookie folder. Stored type restriction: string. State Use Range: the context of the current request can be accessed to Cookie,cookie independent of each user. Storage size limit: cannot be greater than 4k. Life cycle: Expires after expiration time. Security and performance: Security is low (because it resides on the client) and encryption is considered necessary for sensitive data. Can be used for long-term saving of user settings. ViewState (ASP. NET WebForm) features: The physical location of the store: Client form hidden fields. Storage type restriction: Serializable type. State uses the range: the current page (control), independent of each user. Storage size limit: Storing too much data can result in slow submission and open pages. Life cycle: The same as the page life cycle.authentication and encryption are provided. Avoid storing large amounts of data to affect performance. ----------------------------------------------------------------- cookies and SessionId are transmitted in the Request/response Header, and a SESSIONID maintains a session object in the server.SessionID is a special cookie that has no expiration time and is not saved in the cookie's Temp folder, and is automatically purged with the session ending.ViewState transmission in the Request/response Body