ViewState, Cookie, and Session

ViewState, Cookie, and Session represent three methods used to track the HTTP Request status. If you only understand the cookie syntax or the use of the built-in session, and do not understand it from the perspective of actual needs, or exaggerate the advantages or disadvantages of a method, it will produce abuse or misuse. Even many people mistakenly think that the ViewState method is not desirable and needs to be disabled. sessions can be replaced by cookies, so there is no need to use them. In fact, ASP. NET built-in ViewState is only a specific implementation and application, and the built-in Session is also a Session method implementation, only consider the ideas behind a specific application, even denying the same idea as an application is not advisable, and many beginners are misled.

Overview

1.The HTTP protocol is stateless.. The Web server disconnects immediately after processing a request. Therefore, even if the same visitor is in the same browser process, it cannot be recognized by the server.

2.Maintain status data between requests. With status data, you can identify your identity, maintain your status, and personalize your identity. Even anonymous users can avoid re-input and compound condition retrieval.

You can maintain status data between requests in three ways: 1.Page-based: Form Element & URL parameters. 2.Cookie-based. 3.Based on Sesson. ViewState is only a page-based approach restricted in ASP. NET. session strengthens the cookie through the server when the cookie cannot meet the requirements, and uses server resources to break through cookie restrictions.

Simply put, the three methods are: page-basedRestricted by the page opening status and browser process time, Unable to complete saving beyond the browser Process status.Cookie may be time-free, but restricted by the size of stored dataOnly a small amount of data can be saved.The session is not limited by the time and size, but is limited by server resources.Because sessions, whether Stored in memory, files, or databases, will affect server efficiency. However, only session can meet the needs of the status data storage scale and security of some websites.

1. Page-based

Page-based data can be transmitted through the form element (input hidden) during POST access, and data can be transferred by adding URL parameters. The most powerful page-based approach is that even if the client disables cookies or javascript, it still does not affect Server Resolution. ASP. NET ViewState is only an application based on page transfer. The ASP. NET page regards the entire page as a Web Form containing all server controls. The default post url can only be the current page. ViewState can be transferred across pages. However, due to the limitations of ASP. NET page model, ViewState can only be used to POST the current page and maintain page data. In the initial ASP. NET event model, you cannot POST to other pages. Response. redirect () or Server. transfer () is not acceptable. The former uses page redirection after POST to the current page, even if you Redirect to itself, it still redirects, the latter POST to the current page and then use other pages for request processing. Although the content of other pages is returned, the URL in the browser will not even change. In ASP. NET 2.0, the client POST is implemented by force POST to other pages in javascript before submitting a form to the client. The Web Form action is still the current page. Maybe Microsoft never expected to use ViewState on other pages, so it sets protected protection for this attribute. However, theoretically, the page-based approach can achieve consistent results by attaching form elements or URL parameters.

ASP. NET Web Form models do not need to be considered if the client disables cookies and JavaScript ), using the page-based method can still help us solve the purpose of sharing data between two requests. In my work experience, I once had a PHP multi-sub-site pure information display website, because the only user is to maintain the editing of the website, editing needs to visit the website, directly modify the location to be modified. Therefore, ViewState is used to achieve the goal. You can decide whether to load the javascript file that enables Online Editing Based on whether to log on, after loading, double-click each area to bring up the editing box. After editing, you can continue to modify the area even if you mention traffic without losing information.

2. Cookie-based

Cookie is a client technology. The server uses dynamic web page technology to read the cookie appended to the request from the client and transmit the cookie to the client, so as to share data between requests. The cookie itself has a size limit, and even if there is no limit, carrying a large cookie is also a heavy burden for the round-trip request. Cookie is the most widely used method to maintain the status. Because cookies Use HTTP request headers and Response Headers for sending and receiving, they are server-independent technologies.

3. Session-based

Cookie can set the expiration time, which is more flexible than the page-based technology. However, there is a hidden danger in verifying the security only by using the client cookie, and the cookie storage size is limited, therefore, the server is used for storage expansion and verification, which is the session method. ASP. NET, PHP, and other built-in session implementation, some large websites and frameworks also provide their own session implementation to meet their respective needs. Most of the websites we see use session technology. ASP. NET built-in session by default, the server memory is stored through Page. session attribute usage, which can be stored in databases or other ways through different Session providers ), PHP's built-in session uses text storage by default and also supports custom methods such as memory or database ).

How to use it?

In fact, ViewState, Cookie, and Session solve the Data Sharing Problem between different requests to varying degrees. The three methods are PHP or ASP with the server side. this is particularly important. ViewState is generally used to save data in the source code of the page form. The restrictions are conceivable. However, it is still okay to use this function to prevent forms from being refilled due to errors. Cookies are stored in text on the client. Although the data size is restricted and security risks exist, a small amount of user information is sufficient. Session can be seen as a cookie enhancement without considering url-based sessions). The second verification on the server enhances the security and uses server resources to store a large amount of data. In this case, I don't know why there is a tangle mentality about a specific website using that method.

1. ViewState can be used to share page status data. Even if the server does not directly support it, it can be easily implemented by using dynamic web page technology.

2. Cookies can generally be used for simple storage of user IDs, roles, and personalized information.

3. session is more practical for e-commerce websites or websites that need to complete a task through a series of pages, because simply using cookies makes it difficult to store data in terms of size and security.

Sessions are generally supported by default on the server, whether ASP. NET or PHP. However, the built-in Session may have various problems, so do not use the built-in Session to deny the necessity of the Session method.

Although a website that sells virtual game items does not have a large number of online users at the same time, the Cookie method cannot be met because of the amount of information contained in a single order. Internal query websites use cookies to store user IDs and roles.

If a website Cookie is sufficient, you cannot understand why Session is used. If a website Session method can meet the needs, you cannot understand how to discard the Session method. Once working for a company that uses online transactions of virtual items as its main business, its visitors can put the items in their shopping cart whether they are registered or not, many wow products contain many custom parameters that can be adjusted by the customer. A prepaid order can be generated whether registered or not. For unregistered users, even if the browser is closed, you can view the items added to the order when accessing the service again. It is hard to imagine how to work normally without using the session method. If only the necessary key is stored in the cookie and obtained from the server during access, this is the definition of session.

Without the experience of actually using the session, it is meaningless to study the shortcomings of session implementation in a specific technology on the premise that cookie can be used to meet the requirements, this is just like attacking the physical structure of a static page website with a tree structure from the perspective of a flat structure static page.

Summary

Finding out the limitations of some technologies to determine whether they meet our actual needs will not be confined to the comparison of technologies.

Therefore, do not complicate simple problems. Practice is the most important. This is to transfer status data between two requests. Whether the request page is the same page or not, you only need to consider the method that meets the requirements to the minimum. If you do not know the basic knowledge of cookies, please use your own baidu or google. If you have read the overview and guessed what I want to say, you have applied it in your actual work.

Pay attention to the problems we want to solve, so that the original simple problems are simple. For example, if the Web server is a static file, the URL contains the file path and file name, and even the URL parameters cannot be processed, you can only control the display of the content by using the pseudo filter method of the client javascript. Later, the dynamic web page technology can process URL parameters on the server and dynamically generate content based on the request. Then, the MVC method appears, and the URL maps directly to the Controller and Action from the corresponding path and file name. However, the difference between the two lies in the different perspectives of the problem. None of them is completely alternative, or the focus should be on whether the problem can be solved properly. Do not discuss the advantages of Web Form and ASP. net mvc. in PHP, the logic structure and physical structure can be matched at will. Does dynamic technology support URL ing?Logical Structure and physical structure ingA few years ago, I wrote a method that only uses one dynamic page entry to implement multiple sites. The logical structure is classification + Article name, and the same is true for URLs during access, however, the physical structure only has one PHP file as the portal, and all the content is stored in the mysql database. As required, you can back up the entire website through the database, you can directly Perform Batch operations on the content on dozens of websites, allowing me to map the logical structure and physical structure a lot at once), without affecting your abstraction of the business model, extract behavior interfaces and process business processes.

Note 1: simple principle; Note 2: Action Principle.

This article is from the "Tjerry" blog, please be sure to keep this source http://ttjerry.blog.51cto.com/2226674/998495