Client Side State Management : ViewState
What is ViewState:
ASP.NET page by default uses ViewState on the page to preserve page and control property values between round-trips. When each page
is processed, the ASP. NET engine hashes the current state of the page and each control on the page into a string and passes the string to
the client browser in a hidden field. When the client posts the page back to the server, ASP.NET parses the hidden field during page
initialization and restores the page and control values back to their prior state.
ViewState is the way in the .Net by which page state (information) is maintained between page postbacks, means. web form is submitted
by the user, this same page performs some processing and perhaps presents further information
ViewState allows the state of objects (serializable) to be stored in a hidden field on the page. ViewState is transported to the
client and back to the server, and is not stored on the server or any other external source. ViewState is used the retain the state of
server-side objects between postabacks.
AS Viewstate is enabled by default in asp.net page , you can able to see viewstate field ion the source of the page
like given below
<input type=”hidden” name=”__VIEWSTATE” id=”__VIEWSTATE”
ViewState is available for Page & Server Controls ( by default activated ) can be handled as follows :
<%@ Page EnableViewState=”false” %>
For Control eg TextBox
<asp:TextBox id=”tbxTrial” Text=”Trial” runat=”server” EnableViewState=”false” />
<asp:GridView ID=”GridView1″ EnableViewState=false runat=”server”>
ViewState to store any object as long as it is serializable with no limitation on Size of object.
we can also save viewstate as like in HashTable Values as key-value pair
ViewState(“pageValue”) = value
and can be retrieved as
textBox.text = ViewState(“pageValue”)
There can possibility that Viewstate can be tampered , so to protect the viewstate from tampering ViewState is encoded using a hash code
using MD5 algorithm.On postback ASP.NET checks the encoded ViewState to verify it has not been tampered with. This is called a machine
authentication check it can be activated by using EnableViewStateMAC attribute as follows.
<%@ Page EnableViewStateMac=”true”%>
similar can be done with the controls also.
and encryption alogrithm mentioned in & can be changed in Machine.Config file.
Advantages of using ViewState
- No server resources required
- Simple implementation , There is no need to write possibly complex code to store form data between page submissions.It is possible to
enable, configure, and disable ViewState on a control-by-control basis, choosing to persist the values of some fields but not others.
- Automatic retention of page and control state
- Enhanced security features. The values in view state are hashed, compressed, and encoded for Unicode implementations.
- Viewstate has advantages the other 3 methods don’t have. One of the most important is the ability of viewstate to support structured data.This means that control values are maintainable across page postbacks.
This means that control values are maintainable across page postbacks.
- Performance. The view state is stored in the page itself, so increase the page size.
- Security. The view state is stoed in a hidden field on the page. Although view stateores data in a hashed format, it can be tampered with.
- Does not track across pages. ViewState information does not automatically transfer from page to page.
- Because the view state for a given page must be kept on the server, it is possible for the current state to be out of synchronization with the current page of the browser, if the user uses the Back feature on the browser to go back in the history.For example, suppose the user goes to Page 1, then clicks a button to go to Page 2, then presses Back to return to Page 1. The current page on the browser is now Page 1,but the current state on the server is that of Page 2.