Status management is the process of maintaining the status and page information for multiple requests on the same page or different pages. Like all HTTP-based technologies, web form pages are stateless, which means they do not automatically indicate whether all requests in the sequence come from the same client, or whether a single browser instance is always viewing pages or sites. In addition, every round-trip to the server will be destroyed and the page will be re-created; therefore, if the lifecycle of a single page is exceeded, the page information will not exist.
ASP. NET provides multiple ways to maintain the status between server round-trip processes. The selection of these status management options depends on your application.ProgramAnd should be based on the following conditions:
What is the amount of information that needs to be stored?
Does the client accept persistent or in-memory cookies?
Do you want to store the information on the client or server?
Is the information sensitive?
What performance and bandwidth conditions have you set for your application?
What functions does the target browser and device have?
Do you need to store user-based information?
How long does the information need to be stored?
Do you use a web farm (multiple servers), a web Garden (multiple processes on a computer), or a single process to run applications?
Client Status Management
View status
The viewstate attribute is provided as a built-in structure on the web form page, and the value is automatically retained between multiple requests on the same page. View status is maintained as hidden fields on the page.
You can use the view status to store your own page-specific values during the round-trip process when the page is sent back to itself. For example, if your application is maintaining user-specific information (that is, this information is used on the page but is not necessary for any control ), you can use the view status to store the information.
Advantages of using view status
No server resource view status is required to be included on the pageCode.
You do not need to use any custom Programming to Implement the simple view State. By default, status data maintenance is enabled for the control.
Enhanced security features view values in the State are hashed and compressed, and encoded for Unicode implementation. The security is higher than that of hidden fields.
Disadvantages of using view status
Performance considerations because the view status is stored on the page itself, if a large value is stored, the speed of page display and page sending may slow down. Especially for mobile devices, the bandwidth is usually limited.
Devices may not have enough memory to store a large amount of view status data.
The potential security risk view State is stored in one or more hidden domains on the page. Although the view State stores data in a hash format, it can be tampered. If you directly view the page output source, you can see information in the hidden domain, which leads to potential security issues.
Control status
The ASP. NET page framework provides the controlState attribute as a method for storing custom control data during server round-trip. For example, if the custom control you wrote uses multiple option cards to display different information, to make the control work as expected, control needs to know which tab is selected during the round-trip process. View status can be used for this purpose, but developers may disable view status at the page level, which actually destroys your control. Unlike the view status, the control status cannot be disabled. Therefore, it provides a more reliable way to store the control status data.
Advantages of using the control status
No server resources are required. By default, the control status is stored in the hidden domain on the page.
Reliability because the control status is not as close as the view status, the control status is a more reliable way to manage the control status.
You can write custom adapters to control the storage location of control status data and control status data.
Disadvantages of using the control status
Some programming is required. Although the ASP. NET page framework provides the foundation for the control state, the control state is a custom state persistence mechanism. To make full use of the control status, you must write code to save and load the control status.
Hide domain
You can store page-specific information in the hidden domain on the page as a way to maintain the page status.
If you use a hidden domain, it is best to store only a small amount of frequently changed data on the client.
Note:
If you want to use a hidden domain, you must use the http post method to submit a page to the server, instead of the http get method to request the page through the page url.
Advantages of using hidden Domains
You do not need to store or read any hidden domain of server resources on the page.
Widely supported almost all browsers and client devices support forms with hidden fields.
Simple hidden fields are standard HTML controls without complex programming logic.
Disadvantages of using hidden Domains
Hidden domains with potential security risks can be tampered. If you directly view the page output source, you can see information in the hidden domain, which leads to potential security issues. You can manually encrypt and decrypt the content of the hidden domain, but this requires additional encoding and overhead. If you are concerned about security, consider using the server-based status mechanism so that sensitive information is not sent to the client.
The hidden domain of a simple storage structure does not support complex data types. The hidden domain only provides one string value field for storing information. To store multiple values, you must separate the strings and analyze the code of those strings. You can manually serialize complex data types to hidden domains and deserialize hidden domains to complex data types. However, this requires additional code. If you need to store complex data types on the client, consider using view status. The view status has built-in serialization and stores data in a hidden domain.
Performance considerations because the hidden domain is stored on the page itself, if a large value is stored, the speed of page display and page sending may be slowed down.
Storage restrictions if the amount of data in the hidden domain is too large, some proxies and firewalls will block access to pages containing the data. Because the maximum number varies with the firewall and proxy used, large hidden domains may encounter unexpected problems. If you need to store a large number of data items, consider one of the following operations:
Place each item in a separate hidden domain.
When view status is used and the view status is segmented, data is automatically divided into multiple hidden domains.
Do not store data on the client, and keep the data on the server. The more data you send to the client, the slower the response time of your application, because the browser needs to download or send more data.
Cookie
Cookies are used to store a small amount of frequently changed information on the client. The information is sent to the server together with the request.
Advantages of using cookies
You can configure an expiration rule. The cookie can expire at the end of the browser session, or it can exist on the client computer indefinitely, depending on the client's expiration rule.
No server resource cookies are stored on the client and are read by the server after being sent.
Simple cookie is a simple text-based structure that contains simple key-value pairs.
Data Persistence although the duration of the cookie on the client computer depends on the cookie expiration processing on the client and user intervention, the cookie is usually the longest data retention form on the client.
Disadvantages of using cookies
The size of a 4096-byte cookie is restricted by most browsers, although the 8192-byte cookie size is increasingly common in today's new browsers and client device versions.
Users configured to disable some users to disable the ability of browsers or client devices to receive cookies, thus limiting this function.
Potential security risks cookies may be tampered. Users may manipulate cookies on their computers, which means potential risks to security or failure of applications dependent on cookies. In addition, although cookies can only be sent to the client's domain for access, hackers have historically discovered how to access cookies from other domains on the user's computer. You can manually encrypt and decrypt cookies, but this requires additional encoding, and it takes a certain amount of time to encrypt and decrypt the cookies, which affects the application performance.
Note:
Cookies are usually used to personalize custom content of known users. In most cases, cookies are used as "identifiers" rather than "authentication ". Therefore, the method to protect the cookie used to identify is to store the user name, account name, or unique user ID (such as guid) in the cookie, and then use the information in the user personalized structure to access the site.
Query string
The query string is the information appended at the end of the page url.
You can use a query string to submit data back to your page or another page through a URL. Querying strings provides a simple but limited way to maintain certain State information. For example, they are a simple way to transfer information from one page to another (for example, to another page that will process the product number ).
Advantages of using a query string
No server resource query string is required to be contained in an HTTP request to a specific URL.
Supports query strings to pass values in almost all browsers and client devices.
Simple ASP. NET fully supports the query string method, which includes the method for reading the query string using the Params attribute of the httprequest object.
Disadvantages of using a query string
Potential security risks: users can directly view the information in the query string on the browser user interface. You can set this URL as a bookmark or send it to another user to pass the information in the query string through this URL. If you are concerned about querying any sensitive data in a string, consider using a hidden field in a form (using post instead of a query string.
Limited capacity Some browsers and client devices limit the URL length to 2083 characters.
Server Status Management
Application Status
ASP. NET uses the httpapplicationstatefrlrfsystemwebhttpapplicationstateclasstopic class to provide the application status as a method to store the specific information of the global application (visible to the entire application. The application state variable is actually a global variable for ASP. NET applications.
You can store application-specific values in the application status, and the application status will be managed by the server.
Data shared by multiple sessions and infrequently changed is the ideal data to be inserted into application state variables.
Advantages of using Application Status
Simple application states are easy to use and are familiar to ASP developers and consistent with other. NET Framework classes.
Application Scope because the application state can be accessed by all pages in the application, storing information in the application state may mean that only one copy of the information is retained (for example, compared to multiple copies that save information in the session status or on a separate page ).
Disadvantages of using Application Status
Application Scope The Scope of application status may also be a disadvantage. Variables stored in the application state are global only for specific processes in which the application is running, and each application process may have different values. Therefore, you cannot rely on the application status to store unique values or update global counters in the Web farm and web garden server configurations.
Data Persistence is limited because the global data stored in the application state is easy to lose, therefore, if the Web server process that contains the data is damaged (for example, due to server crash, upgrade, or shutdown), the data will be lost.
Resources require the application state to require the server memory, which may affect the server performance and scalability of the application.
The well-designed and implemented application status can improve the web application performance. For example, if you place common and related static datasets in the application state, you can improve the site performance by reducing the total number of data requests to the database. However, there is a performance balance here. When the server load increases, application state variables containing large pieces of information will reduce the performance of the Web server. Before removing or replacing a value, the memory occupied by the variables stored in the application state will not be released. Therefore, it is best to use only application state variables for small datasets that are not frequently changed.
Session Status
ASP. NET provides a session state that can be used as an httpsessionstate class or a method that stores session-specific information (only visible in this session. ASP. NET session Status identifies a request from the same browser within a limited time window as a session and retains the variable value during the session duration.
You can store session-specific values and objects in the session state. The session State objects are managed by the server and can be used by browsers or client devices. Ideal data stored in session state variables is short-term and sensitive data specific to individual sessions.
Advantages of session Status
The simple session Status function is easy to use and is familiar to ASP developers and consistent with other. NET Framework classes.
Session-specific events session management events can be triggered and used by applications.
Data Persistence in session state variables can withstand Internet Information Service (IIS) restart and auxiliary process restart without losing session data, this is because the data is stored in another process space. In addition, session status data can be maintained across multiple processes (for example, in a web farm or web garden ).
The platform's scalable session status can be used in multi-computer and multi-process configurations, thus optimizing the scalability scheme.
No cookie is required. Although the most common purpose of session status is to provide user identification to Web applications with cookies, session status can be used in browsers that do not support HTTP cookies. However, to use the session status without Cookie, you need to place the session identifier in the query string (this topic also encounters the security issues stated in the query string section ).
Scalability you can customize and extend the session status by writing your own session Status provider. Then, session state data can be stored in custom data formats through multiple data storage mechanisms (such as databases, XML files, and even Web Services.
Disadvantages of using session Status
Performance Considerations session state variables are stored in the memory before they are removed or replaced, which may reduce server performance. If the session status variable contains information blocks such as large datasets, the performance of the Web server may be affected due to the increase in server load.
Configuration File Properties
ASP. NET provides a configuration file attribute feature that allows you to store user-specific data. Except that the configuration file data is not lost when the user's session expires, it is similar to the session state. The configuration file attribute function uses the ASP. NET configuration file, which is stored in a fixed format and associated with a single user. The ASP. NET configuration file allows you to easily manage user information without creating and maintaining your own database. In addition, the configuration file uses a strong type of API, you can access this API anywhere in the application, so as to use user information. You can store any type of objects in the configuration file. The ASP. Net configuration file feature provides a general storage system that allows you to define and maintain almost any type of data while still using data in a type-safe manner.
Advantages of using configuration file attributes
Data persistence in the configuration file attributes is retained during IIS and the restart of the auxiliary process without losing data because the data is stored in an external mechanism. In addition, the configuration file attributes can be maintained across multiple processes (for example, in a web farm or web garden ).
The platform's scalability configuration file attributes can be used in multi-computer and multi-process configurations, thus optimizing the scalability scheme.
Scalability: to use the configuration file attributes, you must configure the configuration file provider. ASP.. NET provides a sqlprofileprovider class that allows you to store configuration file data in an SQL database, however, you can also create your own configuration file provider class to store configuration file data in a custom format to a custom storage mechanism, such as an XML file or even a web service.
Disadvantages of using configuration file attributes
Performance Considerations configuration file properties are generally slower than session State, because the former persistently saves data to the data storage device rather than the memory.
The additional configuration requirements are different from the session status. A considerable number of configurations are required for the configuration file attribute function. To use the configuration file properties, you must configure not only the configuration file provider, but also all the configuration file properties you want to store in advance.
Data Maintenance configuration file attributes must be maintained. Because the configuration file data is permanently stored in the storage device, you must ensure that when the data is outdated, the application calls the corresponding cleaning mechanism provided by the configuration file provider.
Database Support
In some cases, you may want to use database support to maintain the status of your website. Generally, databases can be used together with cookies or session statuses. For example, for e-commerce websites, relational database maintenance status information is commonly used because:
Security
Personalization
Consistency
Data Mining
The following are common functions of a cookie-supported database website:
Secure visitors enter the account name and password on the site logon page. The site structure queries the database by logon value to determine whether the user has the right to use your site. If the database determines that the user information is valid, the website will distribute valid cookies containing the unique ID of the user to the client computer. The site grants the user access permission.
Personalized security information stored in the site allows your site to distinguish each user on the site by reading cookies on the client computer. Generally, a site has information in the database to describe users' preferences (identified by a unique ID ). This relationship is called personalization. The site can use the unique ID contained in the cookie to obtain the user's preferences, and then provide the user with the content and information related to the user's specific wishes and to respond to the user preferences for a period of time.
Consistency if you have created a commercial website, you may want to keep the transaction records of the purchased items and services on the site. This information can be reliably stored in your database and referenced by your unique ID. It can be used to determine whether the purchase transaction is complete, or to determine the operation steps that should be taken if the purchase transaction fails. This information can also be used to notify users of the status of the order placed on your site.
Data mining information about site usage, visitors, or product transactions can be reliably stored in databases. For example, the Business Development Department may want to use the data collected from the site to determine the product line or distribution strategy for the next year. The marketing department may want to view demographic information about users on your site. The design and support department may want to view the transaction and write down the areas where the purchase process can be improved. Most enterprise-level relational databases, such as Microsoft SQL Server, provide a set of scalable tools suitable for most data mining projects.
In the above scheme, the website is designed to repeatedly query the database with a unique ID in each general stage, and the website maintains the status. In this method, the user feels that the site is remembering and responding to himself.
Advantages of using database maintenance status
Secure access to the database requires strict authentication and authorization.
The storage capacity can store as much information as possible in the database as needed.
Data Persistence allows you to store database information as long as possible, regardless of the availability of web servers.
The reliability and data integrity database provides a variety of functions for maintaining valid data, including trigger and reference integrity, and transactions. You can easily recover from errors by saving transaction information in the database (rather than in objects such as session state.
The data stored in the database can be accessed by many information processing tools.
A large number of database tools are widely supported and many custom configurations are available.
Disadvantages of using database maintenance status
Complexity using the database to support State management requires more complex hardware and software configurations.
Poor performance considerations the relational data model structure may cause scalability problems. In addition, too many queries to the database may affect the server performance.
Http://aierong.cnblogs.com
SQL server2005 Transact-SQL new weapon learning Summary-Summary
Backup and restoration of stored procedures in ms SQL database (enhanced version)
SQL Server's Distributed Query Essays (using sp_addmediaserver and sp_addmediasrvlogin)
Asp. summary of net2.0 internationalization/Localization Application Implementation (multi-language, multi-cultural page implementation)
WAP development data station (latest update)
Custom Format String essay (iformattable, iformatprovider, implementation of icustomformatter three interfaces)
asynchronous programming of mcad learning notes (asynccallback delegation, iasyncresult interface, begininvoke method, and endinvoke method usage summary)
mcad learning notes: class methods, attention, fields, and indexers called through reflection (2 methods)
serialization of mcad learning notes (binary and soap serialization)
delegate re-understanding of mcad learning notes (Delegate constructor, begininvoke, endinvoke, invoke4 methods)
winform development, summary of information about form display and form value passing
Microsoft Windows Service for mcad Study Notes
copy all the objects and files under a certain category to the target category (Object quota quota)
Asp. net status management (Summary)