Reputation: 145
To prevent expiring session variables in submit page, should I assign session variable to viewstate variable?
I have a session variable which is used to store a datatable (which changes depending on how the user wishes to add / remove items (data items in the datatable).
At the last page of the whole web application, I have a submit page to allow the user to submit the selected items in the datatable.
Because I think session variables may expire if the page is left open too long, and to prevent errors arising from expired variables, at the page_load function's !IsPostBack I assigned the session variable to a viewstate variable (so the data will be stored in the page's viewstate and not expire).
if(!IsPostBack){ ViewState["myDataTable"] = Session["myDataTable"]}
1) Is this the standard practice and are there any implications / errors when assigning a session variable to a viewstate?
2) After calling ViewState["myDataTable"] = Session["myDataTable"], is it ok to do Session["myDataTable"] = null ?
Upvotes: 0
Views: 256
Answers (2)
Reputation: 2319
Yes, you can do it. but viewstate tends to slow the page loading due to extra overhead. If your dataset is small it is ok, but if its bigger then look for other alternatives.
How ever I will recommend not to go with this method[security problem,slow etc.], instead device a way so that session dosent expire if any page is open?? how?? use jquery/ajax to maintain a connection with server at regular interval.
If you want to go some further implement sql session. It will be the best.
Hope these info help you.
Upvotes: 0
Reputation: 36037
It really depends on the kind and size of data you have there.
It is key to remember that you need to treat anything you send to the client as compromised data. Another way to put it, if you'd be ok with an user having available a form that allows them to input every single bit of that data, only then it is ok.
All said, the viewstate is normally signed, but history as proven is a good idea to follow that general security advice.
As for the size, you need to keep an eye on the amount of data being exchanged on each request.
Last about clearing that session value afterwards, asp.net mvc does similar for what it calls TempData. The scenario for its use: pass some data from one page to the next on non post scenarios + and when you don't want it in the query string.
Upvotes: 1
Related Questions
- What are the pros and cons of using session variables to manage a users session data?
- Managing Session Variable in View Page After Session Expire
- Do Session variables expire after different amount of time?
- what happens when a session variable is assigned to a viewstate?
- ASP.NET: Maintain variable value after session expires
- Getting the value from viewstate, in case the session expires
- When should I consider to use SessionState to keep my variable values?
- if session expires whether the viewstate remains?
- Session State expiry in ASP.NET
- Session State v ViewState