Software Technology Tips

Some useful information on ViewState :
 
1. In asp.net ViewState is used to keep state information of controls to cope with the state less nature of HTTP
 and provides a means to persist the state across postbacks.

2. There is a saying - There is no free lunch . And ViewState is no exception .
 Though ViewState is effectively helps asp.net pages / controls to maintain their state, it imposes some cost
 
 >> all view state information are collected, encodes to base 64 string and serialized on each page postback
 
 >> ViewState adds a lots of extra bytes to the aspx pages
  (In fact, View State is a hidden field, if you open up a page in browser and view the page sources you would see something
    like  :
            <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTYyMTA1NzgyD2QWAmYPZBY" />)
 
3. MUST DISABLE the ViewState of a control by setting "EnableViewState" property to false, whenever you feel the ViewState is unnecessary for any control .
 
4. Though ViewState is encoded to base 64 string, its NOT ENCRYPTED. So don't use any sensitive information (like customer info, passwords etc..) in ViewState .
 
5. Incase you are using any sensitive information (say you are displayng a customer info. on grid view and the site is not using SSL), MUST ENCRYPT the view state setting "viewStateEncryptionMode" at page level.
 
 viewStateEncryptionMode can have three values -
  1. Auto
  2. Always
  3. Never

Set the value to "Always" to force encryption for all controls (of which EnableViewState is set to true) like below :
 

 <
%@Page viewStateEncryptionMode="Always" ... /%>


Related Tags:

ASP.NET, ViewState, Encryption

Author: Rabinarayan Biswal

ASP.NET

Let us Connect!

iso 9001 QA25 Red Herring STPI D&B Fastest Growing SME 2013 Award zinnov Nasscom

This site uses cookies. We respect your privacy.copyright (c) Mindfire Solutions 2007-2015. Login