State Management Approaches in Web Applications (.NET)

There are different ways web applications can store state all with advantages and disadvantages and varying use cases. The table below summarises how hidden fields, URLs, cookies and server-side sessions are used to store state in web applications.

 Hidden FieldsURLCookiesSessions
storage spaceNo limit, the more data you store the slower pages will load.Limited by URL length (2000 characters)Limited to 4000 charactersUnlimited, provided you can store that information on your own servers.
storage locationon clienton clienton clienton server
visibilityvisible in HTML codevisible in browser’s address barvisible if you know how to view theminvisible as it is stored on the server
securitylowlowlowrelatively secure: state information kept on server, never transferred across network. (with the exception of the client session ID)
formatstringstringstringoriginal object format
lifetimeclosing browserclosing of web pageindefinite (can set cookies to expire in 2099)indefinite, since you are storing it on your own servers. Can choose to remove dead sessions after X minutes.

Sessions in ASP.NET

.NET tries to simplify session management as it uses the HttpSessionState class tomanage sessions for you. This class gives you a number of options allowing you to specifiy the sessiontimeout, use of cookies etc. .NET uses a 120-bit identification number to identify and keep track of clients and their state.

I hope this post serves as a concise summary of different approaches to storing state in web applications.