tags:

views:

89

answers:

5
+1  Q: 

Maintain state of an asp.net page

Hi, what is your preferred method to maintain state of an asp.net page, if it is a public website (involving shopping cart, wish-list etc). I am in the process of designing a website that will need to ensure that the user is not able to tamper with the state (such as delete cookies etc).

A: 

I am in the process of designing a website that will need to ensure that the user is not able to tamper with the state (such as delete cookies etc).

I would use the session state. It's easy and effective.

You can't stop them from tampering with it as far as deleting cookies etc. Maybe altering the cookies, but not deleting them.

You can store the vital information on the server, so no sensitive information is stored on the client in a cookie etc.

Kevin  2010-06-08 18:16:18
+1  A: 

To prevent user tampering you will need to store session state on the server side. A good practice is store it either in a database (sql server) or out of process, which can be either on the same server or another server, sometimes called a state server.

Matthew Sposato  2010-06-08 18:18:12
A: 

The preferred method of maintaining state is using viewstate. However, you want to keep the amount you store in it to a minimum as it will noticeably affect speed.

If you need to store information from page to page, I would recommend using session state. It's easy and very flexible.

asp316  2010-06-08 18:18:20
A: 

The user will always be able to tamper with any method you use to store state. Consider these examples:

  • Cookies - can alter, delete
  • Session - can delete, timeout, change session key
  • ViewState - can mess with the key

I encrypt my data and store the key in a cookie - such as cart id, user id, etc.. The cookie can be loaded at login and can be tampered with, but because the key encrypted, no real harm can be done. Storing in the session can work, but the timeouts have bitten me on many occasions and requires more considerations.

Corey Coogan  2010-06-08 18:20:03
What do you use to encrypt the data?
user279521  2010-06-08 19:05:36
+2  A: 

Both of those pieces of data (shopping cart & wish list) sound like they should be stored in your database, so they can persist beyond cookies being deleted or the session timing out.

Greg  2010-06-08 18:26:13

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?