Write For Us

State Management in ASP.Net

Web Pages developed in ASP.Net are HTTP based and HTTP protocol is a stateless protocol. It means that web server does not have any idea about the requests from where they coming i.e from same client or new clients. On each request web pages are created and destroyed.


So, how do we make web pages in ASP.Net which will remember about the user, would be able to distinguish b/w old clients(requests) and new clients(requests) and users previous filled information while navigating to other web pages in web site?

Solution of the above problem lies in State Management.

ASP.Net technology offers following state management techniques.

Client side State Management

  • Cookies

  • Hidden Fields

  • View State

  • Query String

Server side State Management

  • Session State

  • Application State

These state management techniques can be understood and by following simple examples and illustrations of the each techniques.

Client Side State Management


A cookie is a small amount of data which is either stored at client side in text file or in memory of the client browser session. Cookies are always sent with the request to the web server and information can be retrieved from the cookies at the web server. In ASP.Net, HttpRequest object contains cookies collection which is nothing but list of HttpCookie objects. Cookies are generally used for tracking the user/request in ASP.Net for example, ASP.Net internally uses cookie to store session identifier to know whether request is coming from same client or not. We can also store some information like user identifier (UserName/Nick Name etc) in the cookies and retrieve them when any request is made to the web server as described in following example. It should be noted that cookies are generally used for storing only small amount of data(i.e 1-10 KB).

Code Sample

//Storing value in cookie
HttpCookie cookie = new HttpCookie("NickName");
cookie.Value = "David";

//Retrieving value in cookie
if (Request.Cookies.Count > 0 && Request.Cookies["NickName"] != null)
         lblNickName.Text = "Welcome" + Request.Cookies["NickName"].ToString();
         lblNickName.Text = "Welcome Guest";

 Cookies can be permanent in nature or temporary. ASP.Net internally stores temporary cookie at the client side for storing session identifier. By default cookies are temporary and permanent cookie can be placed by setting "Expires" property of the cookie object.

Hidden Fields

A Hidden control is the control which does not render anything on the web page at client browser but can be used to store some information on the web page which can be used on the page.

HTML input control offers hidden type of control by specifying type as "hidden". Hidden control behaves like a normal control except that it is not rendered on the page. Its properties can be specified in a similar manner as you specify properties for other controls. This control will be posted to server in HttpControl collection whenever web form/page is posted to server. Any page specific information can be stored in the hidden field by specifying value property of the control.

ASP.Net provides HtmlInputControl that offers hidden field functionality.

Code Sample

//Declaring a hidden variable
protected HtmlInputHidden hidNickName;

//Populating hidden variable
hidNickName.Value = "Page No 1";
//Retrieving value stored in hidden field.
string str = hidNickName.Value;

Note:Critical information should not be stored in hidden fields.

View State/Control State

ASP.Net technology provides View State/Control State feature to the web forms. View State is used to remember controls state when page is posted back to server. ASP.Net stores view state on client site in hidden field __ViewState in encrypted form. When page is created on web sever this hidden control is populate with state of the controls and when page is posted back to server this information is retrieved and assigned to controls. You can look at this field by looking at the source of the page (i.e by right clicking on page and selecting view source option.)

You do not need to worry about this as this is automatically handled by ASP.Net. You can enable and disable view state behaviour of page and its control by specifying 'enableViewState' property to true and false. You can also store custom information in the view state as described in following code sample. This information can be used in round trips to the web server.

Code Sample

//To Save Information in View State
ViewState.Add ("NickName", "David");

//Retrieving View state
String strNickName = ViewState ["NickName"];

Query String

Query string is the limited way to pass information to the web server while navigating from one page to another page. This information is passed in url of the request.  Following is an example of retrieving information from the query strings.

Code Sample

//Retrieving values from query string
String nickname;

//Retrieving from query string
nickName = Request.Param["NickName"].ToString();

But remember that many browsers impose a limit of 255 characters in query strings. You need to use HTTP-Get method to post a page to server otherwise query string values will not be available.

Server Side State Management

Session State

Session state is used to store and retrieve information about the user as user navigates from one page to another page in ASP.Net web application. Session state is maintained per user basis in ASPNet runtime. It can be of two types in-memory and out of memory. In most of the cases small web applications in-memory session state is used. Out of process session state management technique is used for the high traffic web applications or large applications. It can be configured  with some configuration settings in web.conig file to store state information in ASPNetState.exe (windows service exposed in .Net or on SQL server.

In-memory Session state can be used in following manner

Code Sample

//Storing informaton in session state
Session["NickName"] = "Ambuj";

//Retrieving information from session state
string str = Session["NickName"];

Session state is being maintained automatically by ASP.Net. A new session is started when a new user sents  first request to the server. At that time session state is created and user can use it to store information and retrieve it while navigating to different web pages in ASP.Net web application.

ASP.Net maintains session information using the session identifier which is being transacted b/w user machine and web server on each and every request either using cookies or querystring (if cookieless session is used in web application).

Application State

Application State is used to store information which is shared among users of the ASP.Net web application. Application state is stored in the memory of the windows process which is processing user requests on the web server. Application state is useful in storing small amount of often-used data. If application state is used for such data instead of frequent trips to database, then it increases the response time/performance of the web application.

In ASP.Net, application state is an instance of HttpApplicationState class and it exposes key-value pairs to store information. Its instance is automatically created when a first request is made to web application by any user and same state object is being shared across all subsequent users.

Application state can be used in similar manner as session state but it should be noted that many user might be accessing application state simultaneously so any call to application state object needs to be thread safe. This can be easily achieved in ASP.Net by using lock keyword on the statements which are accessing application state object. This lock keyword places a mutually exclusive lock on the statements and only allows a single thread to access the application state at a time. Following is an example of using application state in an application.

Code Sample

//Stroing information in application state
lock (this)

       Application["NickName"] = "David";

//Retrieving value from application state
lock (this)
      string str = Application["NickName"].ToString();

So, In the above illustrations, we understood the practical concepts of using different state management techniques in ASP.Net techonology.

Following the summary of different state management techniques and their recommended use.

Tutorial toolbar:  Tell A Friend  |  Add to favorites  |  Feedback  |