Software Technology Tips

Some useful information on ViewState :
1. In ViewState is used to keep state information of controls to cope with the state less nature of HTTP
 and provides a means to persist the state across postbacks.

2. There is a saying - There is no free lunch . And ViewState is no exception .
 Though ViewState is effectively helps pages / controls to maintain their state, it imposes some cost
 >> all view state information are collected, encodes to base 64 string and serialized on each page postback
 >> ViewState adds a lots of extra bytes to the aspx pages
  (In fact, View State is a hidden field, if you open up a page in browser and view the page sources you would see something
    like  :
            <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTYyMTA1NzgyD2QWAmYPZBY" />)
3. MUST DISABLE the ViewState of a control by setting "EnableViewState" property to false, whenever you feel the ViewState is unnecessary for any control .
4. Though ViewState is encoded to base 64 string, its NOT ENCRYPTED. So don't use any sensitive information (like customer info, passwords etc..) in ViewState .
5. Incase you are using any sensitive information (say you are displayng a customer info. on grid view and the site is not using SSL), MUST ENCRYPT the view state setting "viewStateEncryptionMode" at page level.
 viewStateEncryptionMode can have three values -
  1. Auto
  2. Always
  3. Never

Set the value to "Always" to force encryption for all controls (of which EnableViewState is set to true) like below :

%@Page viewStateEncryptionMode="Always" ... /%>

Related Tags:

ASP.NET, ViewState, Encryption

Author: Rabinarayan Biswal


Let us Connect!

Awards and Achievements

Red Herringcolor DeloitteFast50 DB ZInnov1   Nascome  DB Stpi

This site uses cookies. We respect your privacy.copyright (c) Mindfire Solutions 2007-2015. Login