You can manage state in your .NET Web applications using tools available in Internet Information Server (IIS) and within the .NET Framework itself. Many of the IIS tools have not changed for use with ASP.NET but have been updated to be more scalable. The .NET Framework has also added some additional tools you will learn about in this chapter. You'll find several options for managing state, for example:
Using Session and Application objects to cache information
Using memory and disk cookies to preserve information
Using hidden input fields or the URL-embedded data to pass information from one page to another
Using the ViewState property of the page to set and retrieve information stored in a StateBag object
Using SQL Server to store state information
In each case, your goal is to take data from the current page and have that data available, on demand, either when you redisplay the current page or as a reference when you display a different page.
The Session and Application Objects
The Session and Application objects allow you to store name/value pairs. The Session object stores values between Web pages, maintained for each user. You use the Application object to store data that you want to make available across the whole site, for all users. You might use a Session variable to keep track of user identity, as the user navigates the pages of your application. You might use an Application variable to keep track of the number of times a page has been hit. Both of these objects, Session and Application, store the state information on the Web server.
The Application object is not well suited for state management because it's only a single object, for all users and sessions. Typically, applications manage state on a per-user basis; therefore, the Application object will not be discussed in this chapter.
Some developers use memory cookies to reduce the amount of resources stored on the server. Memory cookies pass back and forth from the browser to the server, where they're maintained as the user moves from page to page on a site. When the user closes the browser, the cookie is released from memory.
Permanent (or hard) cookies allow you to save data on the users' local computers. If you know that a user will visit your site multiple times, it makes sense to save state information locally, if the user has allowed this option. The Web server sends permanent cookies to the user's browser, and the browser stores this data on the user's hard disk. The browser can retrieve this data from disk when the user revisits the Web site. The cookie is again passed from the browser to the server for each page.
Hidden Input Fields
Hidden input fields can be used to pass data from one page to another. When the user clicks a submit button, the form posts the data the user filled in, along with any hidden input fields. You create a hidden input field using a normal HTML tag, like this:
<input type="hidden" value="10" name="txtRate">
You can store data in a hidden input field to help maintain state from one page to another. In the preceding example, the value 10 is stored in the hidden field named txtRate.
Embedded URL Parameters
You may pass values on the URL by using value/data pairs. For example, you may call an ASP.NET page like this:
When you navigate to Main.aspx, you pass two variables in the URL: CMD and ID. You can pass quite a bit of information on this URL, so this is a reasonably effective method of maintaining state.
Passing parameter information in the URL displays the values for the user to see that is, if the information is in the URL, it gets displayed in the browser. Therefore, don't plan on passing sensitive data in the URL.
The StateBag Class
The .NET Framework provides the StateBag class, which allows you to preserve view state while you are working within one page. If the user will be posting data back to the server while staying on the same page, you can use a StateBag object to hold multiple intermediate values for this page. You might use this technique when the user must choose a value from one combo box on a page, and then you want to fill the items in another combo box based on the selected item in the first combo box.
The sample project for this chapter is called StateMgmt.sln. You should create a virtual directory for this solution that points to the appropriate folder for its files. You can now load this project because many of the following sections will refer to these sample files.
Without some means of preserving the state between roundtrips to the Web server, the data that you've entered onto a Web page would disappear as you post back the page. If you click a button or take any other action that causes a postback to the server, without some help from ASP.NET, your data would be lost as the server re-sends the current page. ASP.NET takes care of managing this roundtrip postback state for you with no extra coding on your part.
ASP.NET keeps track of this data by adding a hidden input control on each page. This control (always named __VIEWSTATE) maintains all the information from all the controls on the page that have their EnableViewState property set to True. You can see this hidden input variable if you view the source for a Web page from your browser. ASP.NET compresses and encrypts the state information, so you won't be able to discern any of its contents.
In addition to all the other techniques available, you can store state information in a SQL Server database. If you need to maintain a lot of data between pages, this may be your best bet. If you're gathering a large amount of data about the user over several Web pages, you might consider storing this data in SQL Server. There are two techniques for using SQL Server: You can construct the session data and insert the data into the database yourself, or you can let the .NET Framework handle the job for you automatically.