The HiddenField control provides you with a way to store information in the page without displaying it. For example, you might store a user-preference setting in a HiddenField control. To put information into a HiddenField control, you set its Value property to the value you want to store between postbacks.

As with any other Web server control, the information in a HiddenField control is available during postback. The information is not persisted outside the page.

HiddenField Control and Security

The information in a HiddenField control is not displayed when the browser renders the page, but users can see the contents of the control by viewing the page's source. Therefore, do not store sensitive information in a HiddenField control, such as user IDs, passwords, or credit card information.

Detecting Changed Data

Users can change the value of a HiddenField control before the page is posted back to the server, potentially compromising the information. To help you detect this type of change, the HiddenField control raises a ValueChanged event if the value of the control changes between postbacks. If the values of the HiddenField controls contain sensitive information or are necessary for your application to function properly, you should handle this event for all of the HiddenField controls on the page.

HiddenField Control and Security

Detecting Changed Data

See Also

Concepts