Save ASP. NET status

ASP. NET status saving can be divided into client saving and server saving:

Using Client options to store page information without using server resources these options often have the lowest security but the fastest server performance, because the requirements for server resources are moderate. However, because the information must be sent to the client for storage, there are certain objective restrictions on how much information can be stored in this way.

The client can be stored in the following four ways:

1 viewstate:

Usage scenario: the value is automatically retained between multiple requests on the same page. It is mostly used for client events ., Typical scenarios include page information resetting, logon error count statistics, and grid column sorting.

Advantage: it is simple and relatively secure without using server resources because it is hashed and compressed and encoded for Unicode implementation.

Disadvantage: Because viewstate is stored on the page itself, large values cannot be stored. In addition, you can see the values in the source file. Although the values are hashed and compressed, there is still a risk of tampering.

Types that can be stored: String, integer, bool, array, arr aylist, hashtable, and Other types that can be serialized.

2 hiddenfield:

The usage scenario is: store a small amount of information that is frequently changed on the page and use it with client scripts. The typical usage scenario is: send back to the server after the client passes a series of verification, the server obtains the value from the client hiddenfield for processing. For example, in leyserhomepage, to delete a product, you need to pop up the confirmation form on the client. After the user confirms the form, the postbac K will return to the server side for the database delete operation. When the user confirms that the product is to be deleted, store the product ID to be deleted in a hiddenfield, and then execute Form (0 ). the submit is sent back to the server, and the server obtains the product ID value from the hiddenfield for database operations.

Advantages: simple implementation without using server resources, widely supported

Disadvantage: the security is not high, because it is included in the page for sending, so you can see its content through the source file. The storage structure is small. It only supports simple data structures such as string, integer, bool, array, and arraylis T. In addition, only simple single values are stored. To store multiple values, additional encoding is required. The storage capacity is small because it is stored on the page itself, so it cannot store large values. In addition, a large amount of data is blocked by firewalls and proxies. Note: After using hiddenfield, you need to send it back to the server for processing. You should use the http post method instead of the http get method (access through URL requests)

3 COOKIE:

Usage scenario: store the information that is frequently changed in a small number of pages. Typical usage scenarios are: Save the login user name for the logged-in website, which is convenient for user input, you can also save your personalized settings on custom projects.

Advantage: it is easy to implement without using server resources and you can configure the expiration time.

Disadvantage: The size is limited. Generally, the maximum cookie size supported by browsers is 4096 bytes. Client users may be configured to reject cookies. Security: the information stored on the client may be modified or obtained by malicious users, so sensitive information should not be saved. Persistence: the storage duration is affected by the client configuration.

Cookies are usually used to access the personalization of known user-defined content. In most cases, cookies are used as "identifiers" rather than "Identity Authentication". Therefore, only the user name, account name, or unique user ID (such as guid) is stored in cookies) it is sufficient to use it to access the user's personalized structure of the site.

4 querystring:

Use Case: the easiest way to pass information from one page to another.

Advantage: it does not use server resources and is widely supported and easy to implement.

Disadvantage: security, because the URL is directly exposed to the user, there is a risk of tampering. Limited capacity. Generally, browsers have 255 characters. You can only query strings on the URL request page. The query string cannot be read from the page that has been submitted to the server.

 

View status: you need to store a small amount of information for the pages that will be sent back to you. The use of the viewstate attribute provides basic security functions.

Hidden domain: you need to store a small amount of information for pages that are sent back to you or another page without high security. Client events can only use hidden domains on pages submitted to the server.

COOKIE: a small amount of information needs to be stored on the client without high security. (Personalized)

Query string: transfers a small amount of information from one page to another without high security. (Page Jump) a query string can be used only when one page is requested or another page is requested through a link.