Viewstate vs Session Variables

Hello there.

I'm writing an application where I need to be able to track certain info about a user, and even end the app after a period of inactivity.

It's pretty sensitive information, so I need it to be as secure as possible.

Should I be using Viewstate or Session to persist this state info?

thanks.

 

dd



0
drdexter33
6/13/2006 3:45:18 PM
asp.net.state-management 8807 articles. 0 followers. Follow

6 Replies
1001 Views

Similar Articles

[PageSpeed] 30
Get it on Google Play
Get it on Apple App Store

Viewstate provides no security.
Mike Banavige
~~~~~~~~~~~~
Need a site code sample in a different language? Try converting it with: http://converter.telerik.com/
0
mbanavige
6/13/2006 6:56:01 PM

The ViewState does provide some basic protection in ASP.NET 2.0. It can be turned off, but by default it is on:

  1. AES Encryption.
  2. MAC Protection.

Although it is clearly visible to the user in the source view of the page.


Cheers,
       Kevin Jones


0
vcsjones
6/14/2006 6:33:10 AM

True - ASP.NET 2.0 offers better protection for viewstate than did 1.1
However AES encryption is not turned on by default.

Even with the new ability to encrypt viewstate in 2.0 - microsoft still recommends not storing sensitive data in viewstate.

http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToConfigureTheMachineKeyInASPNET2


Mike Banavige
~~~~~~~~~~~~
Need a site code sample in a different language? Try converting it with: http://converter.telerik.com/
0
mbanavige
6/14/2006 12:53:55 PM
That is true and I agree completely.
Cheers,
       Kevin Jones


0
vcsjones
6/14/2006 1:07:15 PM

Session would be the way to go with this one.  Viewstate is only accessible within the page that it was created while session can be accessed in your entire application.  Also you can set the timeout for your session in your web.config so that the session expires after a certain period of inactivity. And of course, like they said...Viewstate isn't really secured. :D

0
bele04
6/15/2006 7:07:28 AM

well, I thank you all for all of your input...

doug   



0
drdexter33
6/15/2006 12:58:13 PM
Reply:

Similar Artilces:

Opinions on Viewstate vs. Session variable for state management on dataset
I came across many sample codes that using ViewState(myDataSet) and Session("myDataSet"). Which is a better way to use to keep the session around. What are the pros and cons? Anybody can share with your experience or thoughts? Thanks, teresa Take a loot at this article: State Management in Web Forms http://www.c-sharpcorner.com/Code/2004/Feb/StateManagementInWebForms.aspDarrell Norton, MVPDarrell Norton's BlogPlease mark this post as answered if it helped you!...

Session variables vs. Session States
What is the difference and in what situations are they used. Thanks, Mattypee A session state (the state of your session) holds your session variables. If your session state expires (due to inactivity) then you lose your session variables...and any other info stored for that session. If you need to store USER specific information within a web app, then session variables are one(of several) ways to do it. MajorCatsMajorCats Is there any code that you could show that would give an example? Thanks, Mattypee example of what? reading and writing session variables? ...

Viewstate vs. Session State vs. Caching
I need to save state data between postbacks on a page.  This data will only be used by this page. Am I correct that if I need to save simple data types (ints, strings...) that I would be better off using ViewState instead of Sessions or using Cache?   Can more complicated datatypes (entity objects) be saved in ViewState? If so, how? Thanks Hi, Read this: http://www.thedatafarm.com/blog/2007/09/03/EntityKeyAndASPNETViewState.aspx Remember, the more you put in the viewstate the more you are affecting your page's performance(http://msdn2.microsoft.com/en-us/library/...

session vs caching vs control state vs view state
difference between session and cache and view state and control state which is used at what time and for what purpose exactly Hi,this article explains it the best: ASP.NET: Nine Options for Managing Persistent User State in Your ASP.NET Application.Grz, Kris.  Read my blog. Handy Firefox plugins for web developers.Workaround for non working Mark as answer buttons....

ViewState vs Session variables
Hi, AM developing a multiuser web application and I need to get one thing clear. I need to restore values between postback and am wondering wether or not to use viewstate or session variables. If a user saves a value in a viewstate is that available to other users and in my application I do not wish to do that. Should I use session or viewstate variables?? Thanks for your advice Go thru following sites it's useful. Values stored in viewstate can't be spanned across the page..it works only within the same page. values stored in ViewState is available to tht user only. ...

Viewstate vs Session Variables...
I'm a bit confused about when I should use a Viewstate variable, and when I should use a Session Variable. Some explanation of when to use one over the other would be helpful. An example: Say I wanted to build a simple page that has a counter. Everytime you click a button, the page adds one to the counter and displays it on the page. I could accomplish the same thing with a Viewstate variable, or a Session Variable. So which should I use, and why? Thanks! Use viewstate when you need to preserve data for the postbacks. Use session to persist data for the user session. ViewS...

Session State vs ViewState
I know that I have been burned in the past using Sessions classic ASP (not closing, memeory leak, etc). However I heard in asp.net sessions have change dramatically. Scenario: I want to build a midsize to large web app using asp.net 2.0, having a login area where once a user logins...they would carry a GUID......in the admin area...as well as the front facing web app. The user would need a High Time Out Set Though....... After reading some post I know I can do it a couple different way...but it seems that session would be the easiest...I also heard that I could pass view state into session ...

Session vs Cookie State management
 I have always been confused by this, even when I use PHP. Session & Cookies are two most common State management techniques.Sessions last until browser is closed, and Cookies persist beyond that. All that's fine.But I have also heard of permanent vs temporary cookies. And I have also read that a browser not set to accept cookies at all, cannot be tracked using sessions. All this has led me to conclude that temporary cookies are managed in memory & are the way sessions are managed. When the browser is closed, in memory-cookies are lost, and thus the sessions is over.And cook...

Session State in VS.Net
Hi.. I have an ASP background with very little VB. I'm trying to integrate a transactional app into DotNetNuke. The trans app uses session state to verify userid. I dont want to change all the code in the trans. app so I thought updating the following code to include Session("UID") = userId in signin.ascs.vb would do the trick but it doesnt appear to be storing the userid into state. Does anyone know what the problem might be ? If blnLogin Then ' Attempt to Validate User Credentials Dim userId As Integer = objSecurity.UserLogin(txtUsername.Text, txtPassword.Text, _p...

State management upon session variable changes
I noticed that whenever a session variable is changed...the application knows about it and suddenly restarts session. My question is does restart "ALL" sessions or only the active sessions for which the variables changed? Imagine a "multi-user" application all with different states and an administration panel that lets you change session variables.  In this case, my question has to do with the question that if Company X changes his session variables, will only Company X's sessions be reset or will all "sessions" be reset?  Hope that makes sense. ...

ViewState vs. Session vs. Cache
I'm working with C#, VS2005, and ASP.Net 2.0.  I've been reading a lot about State Management but am getting conflicting advice, dependent on version, etc.  So I thought I'd post my assumptions here and feedback from the experts on here.  For my environment, would this be correct:  Object            Scope            Max. Data SizeViewState         Page                 &n...

Passing variables vs session variable
what is the advantage of passing the variable in the url vs storing the variable in a session variable and retrieving it in the second webpage you are accessing?  The variable that you will pass using the QueryString will be visible to the user hence not secured. The value that you put in the Session is not available to the user as it is on the server side and hence more secured. HighOnCodingWanna get high! performance wise does it matter? Just my 2 cents... I remember in college the professors would always harp upon using the Session responsibly. Most of the professors were old...

Session Variables Vs Session Class
Hi All, I am rewriting a classic ASP application in .NET using ASP.net and C#. We used Session Variables to handle storing the current user information throughout the original application.  I was wondering what the benefits would be of using a Session Class over Session Variables, and also how I could implement this? Many thanks in advance for any information you can give me. Regards, Aj Check this out. I think Session class always beneficial since you have more control over accessing and setting your session variables and exception handling. Check the link for its sample implem...

Cache Variable vs. Session Variable
I'm anxious to get some feedback with regard to using a cache variable in lieu of a session variable. My research tells me that caching is the way to go for maintaining state on datasets. However, I've only seen the cache variable discussed as an alternative to an application variable (as opposed to the session variable). I'm actually exploring the idea using of using a cache variable as an alternative to a session variable for maintaining state on a dataset specific to each user (Each user is able to select the fields they wish to view; the user will then be able to page and sort on th...

Web resources about - Viewstate vs Session Variables - asp.net.state-management

Viewing ASP.NET viewstate with ViewState Decoder - testingReflections.com
Tamper-Proofing A hashcode will not secure the actual data within the ViewState field, but it will greatly reduce the likelihood of someone ...

Binary-to-text encoding - Wikipedia, the free encyclopedia
The ASCII text-encoding standard uses 128 unique values (0–127) to represent the alphabetic, numeric, and punctuation characters commonly used ...

Support • FileSeek • Binary Fortress Software
FileSeek: Lightning Fast File Search!

Funny contents index page
A2Zmenu.Com Blog Tutorials Online Exam Ask Question Utility Fun @ Work Funda Contact Us About Us Loading Topic All Category Appraisal FunnyImages ...

Languages -> C# Articles, Tutorials, Examples: ASP Alliance
.NET,ASP,ASP.NET,SQL,XML,HTML,ADO,ADO.NET,JavaScript,JScript,CSharp,VBScript and VB tutorials from AspAlliance.

Blog Archive
Blog Archive 2013 75 Essential Tools for iOS Developers Aug 15 2013 posted in iOS Speaking at Cocoa Conf PDX Jul 13 2013 posted in Speaking In ...

iTunes Sync Tested MP3 Players - Binary Fortress Software
Home • Support Binary Fortress Software The people that give you all of these great applications, and more! DisplayFusion Multi-monitor taskbar, ...

LAMP & Microsoft Stacks - SMX Sydney - David Cropley
... is a great place to start with people using IIS, it will allow you to get a better understanding of your site from an SEO perspective Use viewstates ...

Latest Updates
Latest Updates - Free source code and tutorials for Software developers and Architects.; Updated: 15 Feb 2013

The Antidote to ASP.NET Smart Navigation
One of the issues I have with ASP.NET is that it is postback crazy . Virtually nothing of significance can be done in pure browser client code ...

Resources last updated: 12/16/2015 1:58:09 AM