Pages

Tuesday, May 25, 2010

State Management in ASP.NET

Purpose

State management is the process by which you maintain state and page information over multiple requests for the same or different pages.

Types of State Management

There are 2 types of State Management:

1. Client – Side State Management

  • Cookies
  • View state
  • Hidden fields
  • Query strings
  • Control state


2. Server – Side State Management

  • Application state
  • Session state
  • Profile Properties
  • Database Support

Advantages

Advantages of Client – Side State Management:

1. Better Scalability: With server-side state management, each client that connects to the Web server consumes memory on the Web server. If a Web site has hundreds or thousands of simultaneous users, the memory consumed by storing state management information can become a limiting factor. Pushing this burden to the clients removes that potential bottleneck.

2. Supports multiple Web servers: With client-side state management, you can distribute incoming requests across multiple Web servers with no changes to your application because the client provides all the information the Web server needs to process the request. With server-side state management, if a client switches servers in the middle of the session, the new server does not necessarily have access to the client’s state information. You can use multiple servers with server-side state management, but you need either intelligent load-balancing (to always forward requests from a client to the same server) or centralized state management (where state is stored in a central database that all Web servers access).

Advantages of Server – Side State Management:

1. Better security: Client-side state management information can be captured (either in transit or while it is stored on the client) or maliciously modified. Therefore, you should never use client-side state management to store confidential information, such as a password, authorization level, or authentication status.

2. Reduced bandwidth: If you store large amounts of state management information, sending that information back and forth to the client can increase bandwidth utilization and page load times, potentially increasing your costs and reducing scalability. The increased bandwidth usage affects mobile clients most of all, because they often have very slow connections. Instead, you should store large amounts of state management data (say, more than 1 KB) on the server.

Focus Points


ASP.NET has more functions and utilities than ASP to enable you to manage page state more efficient and effective. Choosing among the options will depend upon your application; you have to think about the following before making any choose:

· How much information do you need to store?

· Does the client accept persistent or in-memory cookies?

· Do you want to store the information on the client or server?

· Is the information sensitive?

· What kind of performance experience are you expecting from your pages?

· Do you need to store information per user?

· How long do you need to store the information?

· What are the capabilities of the browsers and devices that you are targeting?

Client-side state management summary

Client Side Methods

Time to Use

Cookies

You need to store small amounts of information on the client and security is not an issue.

View state

You need to store small amounts of information for a page that will post back to itself. Use of the View State property does supply semi-secure functionality.

Hidden fields

You need to store small amounts of information for a page that will post back to itself or another page, and security is not an issue*.

Query string

You are transferring small amounts of information from one page to another and security is not an issue**.

Control state

Use when you need to store small amounts of state information for a control between round trips to the server.

* You can use a hidden field only on pages that are submitted to the server.

** You can use query strings only if you are requesting the same page, or another page via a link.

Server-side state management summary

Server Side Methods

Time to Use

Application state object

You are storing infrequently changed, application-scope information that is used by many users, and security is not an issue. Do not store large quantities of information in an application state object.

Session state object

You are storing short-lived information that is specific to an individual session, and security is an issue. Do not store large quantities of information in a session state object. Be aware that a session state object will be created and maintained for the lifetime of every session in your application. In applications hosting many users, this can occupy significant server resources and affect scalability.

Profile properties

Use when you are storing user-specific information that needs to be persisted after the user session is expired and needs to be retrieved again on subsequent visits to your application.

Database support

You are storing large amounts of information, managing transactions, or the information must survive application and session restarts. Data mining is a concern, and security is an issue.

Special thanks to http://google.com and http://msdn.microsoft.com

No comments:

Post a Comment