There are different ways web applications can store state all with advantages and disadvantages and varying use cases. The table below summarises how hidden fields, URLs, cookies and server-side sessions are used to store state in web applications.
|storage space||No limit, the more data you store the slower pages will load.||Limited by URL length (2000 characters)||Limited to 4000 characters||Unlimited, provided you can store that information on your own servers.|
|storage location||on client||on client||on client||on server|
|visibility||visible in HTML code||visible in browser’s address bar||visible if you know how to view them||invisible as it is stored on the server|
|security||low||low||low||relatively secure: state information kept on server, never transferred across network. (with the exception of the client session ID)|
|format||string||string||string||original object format|
|lifetime||closing browser||closing of web page||indefinite (can set cookies to expire in 2099)||indefinite, since you are storing it on your own servers. Can choose to remove dead sessions after X minutes.|
Sessions in ASP.NET
.NET tries to simplify session management as it uses the
I hope this post serves as a concise summary of different approaches to storing state in web applications.