How to: Save Values in View State
View state is a repository in an ASP.NET page that can store values that need to be retained during postback. View state is typically used for page variables that must be retained rather than user or session data. For example, you can store information in view state that will be accessed during the page load event the next time the page is sent to the server. For usage recommendations, see.
View state data is stored in one or more hidden fields as base64-encoded strings. You can access view state information using the page'sproperty, which exposes a dictionary object. Because the data in view state is stored as a string, only objects that can be serialized can be stored.
Since view state is sent as a hidden field, changes to view state can be made until theevent. Once the page is rendered to the browser, changes to view state will not be saved.
The information in the hidden view state field can be seen if the page output source is viewed, creating a potential security issue. To mitigate this issue, you can encrypt view state by setting the viewStateEncryptionMode attribute in thedirective to "Always". For more information on security issues with saving information in view state, see .
To use the ViewState property, the ASP.NET Web page must have a server form element (<form runat="server">). For usage recommendations, see.
This example saves a string and an integer value to view state.
To save a value to view state
In page code, set the value of the variable in the ViewState property.
The following code example shows how to save anto view state.
<%@ Page Language="VB" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> ' Sample ArrayList for the page. Dim PageArrayList As ArrayList Function CreateArray() As ArrayList ' Create a sample ArrayList. Dim result As ArrayList result = New ArrayList(4) result.Add("item 1") result.Add("item 2") result.Add("item 3") result.Add("item 4") Return result End Function Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) If (Me.ViewState("arrayListInViewState") IsNot Nothing) Then PageArrayList = CType(Me.ViewState("arrayListInViewState"), ArrayList) Else ' ArrayList isn't in view state, so we need to load it from scratch. PageArrayList = CreateArray() End If ' Code that uses PageArrayList. End Sub Sub Page_PreRender(ByVal sender As Object, ByVal e As EventArgs) ' Save PageArrayList before the page is rendered. Me.ViewState.Add("arrayListInViewState", PageArrayList) End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>View state sample</title> </head> <body> <form id="form1" runat="server"> <div> </div> </form> </body> </html>
To encrypt view state
In thedirective, set the ViewStateEncryptionMode attribute to "Always", as in the following example:
<% @Page ViewStateEncryptionMode="Always" ... %>
Only types marked withcan be stored in view state. For more information, see .
View state information is stored using base64 encoding and is included in the page during rendering, increasing the size of the page. When the page is posted back, the contents of view state are sent as part of the page postback information. Because view state can significantly increase network traffic and slow down connections, it is recommended that you do not store large quantities of information in view state.
Another important consideration is that if the amount of data in a hidden field becomes large, some proxies and firewalls will prevent access to the page that contains them. Because the maximum amount of data allowed in hidden fields can vary with different firewall and proxy implementations, large hidden fields can cause unpredictable behavior. For more information, see.
Some mobile devices do not allow hidden fields at all. Therefore, view state will not work for those devices. For more information, see.
Information in view state is stored in base-64 format, but it can be tampered with by malicious users. You should treat information stored in view state as user-supplied data and always validate the information before using it. For more information about mitigating view state security risks, see. For general information about securing your ASP.NET application, see and .