Basic theory:
Session value is stored in the server memory, then, it is certain that a large number of use of the session will result in heavier server burden. Instead of ViewState server resources by simply depositing data into a page-hidden control, we can save variables and objects that require the server to "remember" into viewstate. Sesson should only be applied to variables and object stores that require cross-pages and are related to each access user. In addition, the session expires in 20 minutes by default, and ViewState never expires.
Data type:
But ViewState is not able to store all of the. NET type data, it only supports string, Integer, Boolean, Array, ArrayList, Hashtable, and some types of customizations.
Other considerations
Of course, everything has two sides, using ViewState will increase the output of the page HTML, the use of more bandwidth, which we need to consider carefully. In addition, since all viewstate are stored in a hidden domain, the user can easily view the source code to see this base64 encoded value. Then you can get the object and variable values that you store in the conversion.
In fact, for the security of ViewState, ASP. Generally, if you want to protect viewstate there are two ways: one is tamper-proof and one is encryption. When it comes to anti-tampering, we think of using hash code. Yes, we can add the following code at the top of the page: page enableviewstatemac=true. In this way, ASP. NET will automatically append a hash code in the ViewState, when the page callback, the server generates a hash code according to the viewstate of the callback, and then compared with the hash code of the callback, if not, discard the viewstate, and the control will revert to the first state. (by default, ASP generates hashes through the SHA1 algorithm instead of the MD5 algorithm, but this can be configured in Machine.config machinekey validation= "MD5"), and viewstate encryption is much simpler. As long as in the Machine.config set a machinekey validation= "3DES" can be implemented with DES encryption viewstate.
How to use
How to access ViewState on the client?
Application environment
Some parameters that are not security-related, have a small amount of data, and require long-time operation should be accessed with ViewState.
In Webgis, the map of the various related states, such as zoom, center, layers, visibility, etc., with viewstate access, there is no session expiration problem, the page can be used forever, even can download save, in the map request, Or IFRAME into a third-party application.
viewstate usage in ASP.But in this case the session in the system is too much, I always think this is not very good, although each session has an ID will not conflict. Asp. NET introduces viewstate, which can record some data values in different postback of the same page.
So my workaround is to record the previously static global variables in a form such as viewstate["name", which avoids the problem because my system is used on the LAN, and the extra amount of data that ViewState brings is negligible.ASP. NET ViewState Usage:
Asp. NET is a mechanism used in ASP. VIEWSTATE to hold the state value in the Web control callback. In the Web Form (form) is set to runat= "Server", this form (the forms) is appended with a hidden property _viewstate._ The ViewState stores the state values of all controls in viewstate.
ViewState is a field in a class control, and all other controls gain viewstate functionality by inheriting control. Its type is System.Web.UI.StateBag, a collection of name/value objects.
When a page is requested, ASP. NET serializes the state of all controls into a string and then sends it to the client as a hidden property of the form. When the client sends the page back, ASP. NET parses the returned form properties and assigns the corresponding value to the control. Of course, these are all owned by ASP.
Defining ViewState Properties
public int PageCount
{
Get{return (int) viewstate["PageCount"];}
set{viewstate["PageCount"]=value;}
}
Conditions for using ViewState
If you want to use ViewState, you must have a server-side form tag (<form runat=server>) in the ASPX page. A form field is required so that a hidden field containing viewstate information can be passed back to the server. Also, the form must be a server-side form, so that when the page executes on the server, ASP. NET page framework to add hidden fields.
The page's EnableViewState property value is true.
The EnableViewState property value of the control is true.
Remind:
1. When there is a page callback, you do not need to maintain the value of the control to disable viewstate.
The index of 2.ViewState is case-sensitive.
3.ViewState is not a cross-page.
4. In order for a packet to exist in the ViewState, the object must be either fluidization or TypeConverter defined.
5. When the control TextBox's TextMode property is set to password, its state will not be saved in ViewState, which should be for security reasons.
6. Do not use ViewState when the page does not return or redirect or when it is transferred to another page (transfer) .
7. Be careful about the viewstate of a control when it is dynamically built.
8. When the viewstate of a program is forbidden, the viewstate of all pages of the program is also banned.
9. ViewState is only persistent when the page is returned to itself.
Set ViewState
ViewState can be set in the control, page, program, global configuration. EnableViewState is true by default. If you want to disable all page ViewState functionality, you can set EnableViewState to False in the program configuration.
This article about: asp.netviewstate usage
Session,viewstate usage
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
