JavaScript Editor jscript editor     Web designer 



Main Page

View state is a repository in an ASP.NET page that can store values that need to be retained during postback. For example, you can store information in view state that will be accessed during the page load event the next time the page is sent to the server. For usage recommendations, see ASP.NET State Management Recommendations.

View state data is stored in one or more hidden fields as base64-encoded strings. You can access view state information using the page's ViewState property, which exposes a dictionary object. Because the data in view state is stored as a string, only objects that can be serialized can be stored.

NoteNote

To use the ViewState property, the ASP.NET Web page must contain a form element with the attribute runat="server". For usage recommendations, see ASP.NET State Management Recommendations.

To read a value from view state

  • In page code, set the value of the variable in the ViewState property.

    The following code example shows how you can get an ArrayList object named arrayListInViewState from view state and then bind a GridView control to the object as a data source.

    [Visual Basic]

    В CopyCode imageCopy Code
    Dim arrayList As ArrayList
    arrayList = CType(ViewState("arrayListInViewState"), ArrayList)
    
    Me.GridView1.DataSource = arrayList
    Me.GridView1.DataBind()

    C#В CopyCode imageCopy Code
    arrayList = new ArrayList();
    arrayList = (ArrayList)ViewState["arrayListInViewState"];
    
    this.GridView1.DataSource = arrayList;
    this.GridView1.DataBind();

Robust Programming

Values in view state are typed as String. In Visual Basic, if you set Option Strict On, you must cast view state values to the appropriate type before using them, as shown in the example. In C#, you should always cast to the appropriate type when reading view state values.

No exception is thrown if you attempt to get a value out of view state that does not exist. To be sure that the value you want is in view state, check first for the existence of the object with a test such as the following:

Visual BasicВ CopyCode imageCopy Code
If ViewState("color") Is Nothing Then
    ' No such value in view state, take appropriate action.
End If
C#В CopyCode imageCopy Code
if (ViewState["color"] == null)
    // No such value in view state, take appropriate action.

If you attempt to use a nonexistent view state entry in some other way (for example, to examine its type), a NullReferenceException exception is thrown.

View state information is stored using base64 encoding and is included in the page during rendering, increasing the size of the page. When the page is posted back, the contents of view state are sent as part of the page postback information. Because this can significantly increase network traffic and slow down connections, it is recommended that you do not store large quantities of information in view state.

Another important consideration is that if the amount of data in a hidden field becomes large, some proxies and firewalls will prevent access to the page that contains them. Because the maximum amount can vary with different firewall and proxy implementations, large hidden fields can be sporadically problematic. For more information see ASP.NET State Management Recommendations.

Some mobile devices do not allow hidden fields at all. Therefore, view state will not work for those devices. For more information, see ASP.NET Mobile Application Development Overview.

Security

Information in view state is stored in base-64 format, but it can be tampered with by malicious users. You should treat information stored in view state as user-supplied data and always validate the information before using it. For more information about mitigating view state security risks, see Securing View State. For general information about securing your ASP.NET application, see ASP.NET Web Application Security and Basic Security Practices for Web Applications.

See Also



JavaScript Editor jscript editor     Web designer