Summary

In this chapter, we examined three techniques for managing client state: session state, view state, and cookies. Session state is a powerful tool that you can use to store data associated with individual users. Session state requires a storage location for this user data. By default, user data is stored in the current process’s memory space, as was the case with ASP. However, ASP.NET introduces a powerful new concept known as out-of-process session state that allows for all servers in a farm to use a common store such as SQL Server. Additionally, session state requires the use of a session ID. The session ID is a token shared between the client and the server that is used to identify the client’s session to the server on subsequent requests.

View state solves a problem that many developers have solved in the past through custom code. Unlike session state, view state never times out, but it is limited to the postback life cycle of a page—once you navigate away from the page, you lose your view state. View state allows for simple types to be stored in the hidden input in the HTML of the page, but caution should be used when using view state because the size of ViewState affects the size of the page the client must download.

Cookies can be used to store client state independent of the server. However, cookies are not an approved standard and have data storage limitations.

Choosing the appropriate client state management technique depends on what you need to accomplish within your application. ASP.NET provides you with easy-to-use APIs for working with the three client state management techniques covered in this chapter. In Chapter 6, we’ll examine another type of state: application state.