Using Client Side State Management Techniques like Hidden Fields and ViewState

Part of the You Can Learn ASP.Net and C# series.
By Ken Brown
February 12, 2005

This is a continuation of an article on client side state management. This section will discuss hidden fields and ASP.Net viewstate.

Hidden Fields

The next client side state management technique for ASP.Net is hidden fields. Hidden fields have been around for a long time. This is where you place a text field control on your html page. Then you set the control to hidden. That means that your user cannot see the control or its value on the page when the page loads. It is sitting silently in the background undetected. Well, not exactly.

Hidden fields are not displayed on the web browser, but if you view source, you can see both the hidden field and it's value. Not very secure. They do allow you to post information to other pages, or back to the same page.

The disadvantages of hidden fields?
  1. Increases the HTML size of the page.
  2. You still cannot store structured data
  3. Because you can view page of an HTML page, there is no security
  4. There is no way to persist the data
So even though hidden fields provide some value to your web page, there are still serious limitations that have to be overcome to make it viable as a safe and secure way to store sensitive data from your app.


Next on our list of client side state management methods is Viewstate. This is an ASP.Net tool that allows you to maintain the state of your controls like textbox and listbox across page postbacks.

Viewstate has advantages the other 3 methods don't have. One of the most important is the ability of viewstate to support structured data. This means that control values are maintainable across page postbacks.

Using viewstate can be easy for nonpostback controls.

//use a keyvalue pair to save an object to viewstate.
ViewState["sName"] = strName;

//Then to retrieve viewstate you have to convert to the object type
//by unboxing the object using an explicit conversion.
string sRetrieve;
sRetrieve = (string) ViewState["sName"];
Disadvantages of viewstate

  1. The more controls you have on the form the larger the size of viewstate and the larger the size of the HTML you send back and forth to the server.
  2. Only works when pages postback to themselves.
  3. You can't persist data to other pages.
Even though the viewstate data is encrypted, it would be easy to hack the encrypted data. So you still don't want to save connection strings, passwords or credit card information in viewstate. The really cool thing about viewstate is it's ability to save structured data. Makes it very valuable to pass structured data back to itself on a page instead of going back to the database and re-retrieving the info or recreating the information each time.

Since viewstate is saved as HTML, ASP.Net gives you the ability to disable viewstate for individual controls, for entire pages, for an entire application and even for an entire machine. Very powerful.

For an individual control, just change the EnableViewState property to false to disable the control's viewstate. When a page doesn't postback to itself, meaning it is always sent to a new page, you can disable the page viewstate by addding a page directive.

	<%@ Page EnableViewState="false" %>
At the application level you turn off view state in the web.config file. By disabling viewstate here, you disable the ability of any page to postback to itself and remember it's control's values.

	<pages enableViewState="false" >
So, to summarize, there are 4 types of client side state management techniques. You can use querystrings, hidden fields, cookies and viewstate. They all have their advantages and disadvantages. You have to weigh the need to save the data before you can choose the proper technique. If you want to save structured data you have to choose viewstate. You want to persist data until the next time the user comes to your site? Then your choice is cookies. You want to hide information on a form and then send it to another site, then use hidden text boxes. Send information to another page, use the querystring.

But, remember the limitations of all of them. They are all client side, and they all have limited ability to secure data from the prying eyes of others. To increase security use Session state which is a server side state management technique.

Using client side state management techniques like cookies and querystrings.

Home| About Us | NewsLetters | Contact Us |

Copyright © 2004-2014 You Can Learn Series

You Can Learn Series Home Page You Can Learn Series
You Can Learn Series Home Page Home            About the creators of YouCanLearnSeriesAbout Us      Contact YouCanLearnSeriesContact Us      Site map of YouCanLearnSeriesSite Map      Privacy Policy of You Can Learn SeriesPrivacy Policy       Terms of Use of You Can Learn Series web siteTerms of Use       YouCanLearnSeries RSS feed for C# tips and tutorials     
C# and ASP.Net Programming TipsC# and ASP.Net      SQL Tutorial, tips and tricks for DBA'sSQL       Landscaping Tips for Home GardenersLandscaping       WeightLifting Tips for the Young and OldWeightLifting       Kennos BlogBlog       Good health TipsGoodHealth       Learn about Great Travel DestinationsTravel     Web Business TipsWeb Business            You Can Learn Series' Online StoreStore

You Can Learn C# and ASP.Net SeriesC# and ASP.Net
  Using Client Side Code with C# and ASP.NetClient Side Code
  Using Client Side State Management with C# and ASP.NetClient Side State Management
  Create a C# Class in Visual StudioCreate A Class
  Use A Class in C#Use A Class
  Create a Solution in Visual StudioCreate a Solution
  Create a Project in Visual StudioCreate a Project
  Create an RSS feed for your Web SiteCreate an RSS Feed
  Create an RSS feed for your Web SiteListItemCollection
  Set Events in ASP.NetSet Events ASP.Net
  Set Events in C#Set Events C#
  What is Session State and How to Use it.Session State
  Creating and Using the C# SortedList ObjectSortedList Object
  Stylesheet Tips for Visual Studio .Net and ASP.NetStyleSheet Tricks
  Using C# MethodsUsing Methods
  Pass Objects to MethodsPass Objects to Methods
  Pass Objects from MethodsPass Objects from Methods
  Using Client side State management like ViewState and Hidden fieldsView State
  LDAP, What is Lightweight Directory Access ProtocolWhat is LDAP
  Build an LDAP ReaderBuild an LDAP Reader
  Convert information from LDAP to a Web ServiceLDAP To Web Service
  Question of the dayQuestion of the Day

You Can Learn SQL SeriesSQL
You Can Learn Landscaping and Gardening SeriesLandscape Tips
You Can Learn WeightLifting SeriesWeightLift Tips
Kenno's BlogBlog
You Can Learn Good Health SeriesGood Health Tips
You Can Learn Good Series NewslettersNewsletters
Learn about Great Travel DestinationsTravel
You Can Learn Series Web Business TipsWeb Business Tips
Merchandise Available from You Can Learn SeriesMerchandise

Bill Welter - The Prepared Mind of a Leader

Americas Public Schools