hidden field vs viewstate

Question

What is the difference when using

Hidden field vs View state?
When to use each one ?
Which one more secure?
Which is better in performance?
what are the alternatives?

Neither are really better or worse than each other. What do you want to store? — Phill, Jan 23 '11 at 09:33
sometimes (IDs for products),sometimes data table and so on.. — Anyname Donotcare, Jan 23 '11 at 09:38

score 8 · Accepted Answer · answered Jan 23 '11 at 09:34

8

ViewState is stored in a hidden field and it contains information about the entire page. It can also be encrypted. Because the view state is always sent to the codebehind when performing Postbacks it is very practical as you always get the values. The drawback is that it can get really large if you start putting much information inside it and performance could start to suffer. For example in some AJAX requests you want to only send some small information to the server and if you used UpdatePanels the entire ViewState will be sent and it will contain information that is not necessary.

answered Jan 23 '11 at 09:34

Darin Dimitrov

1,023,142
271
3,287
2,928

yeah ,, u mean that using viewstate with heavy use of AJAX is not a performance wise? – Anyname Donotcare Jan 23 '11 at 09:44
1

@just_name, it depends how you are doing AJAX. If you are using UpdatePanels, then no, it is not wise, if you are using some other framework such as jQuery you have full control of what is being sent to the server. – Darin Dimitrov Jan 23 '11 at 09:46

score 3 · Answer 2 · edited May 23 '17 at 12:24

3

A hidden field can be viewed in a pages HTML source whereas ViewState is, to say the least, obfuscated and depending on your .net version, can be encrypted to varying degrees.

asp.net viewstate encryption

Hidden field will be better in performance but provides no security and if the post data can be manipulated, be a lot easier to change the ViewState.

Session variables are a good alternative to these.

edited May 23 '17 at 12:24

Community

1
1

answered Jan 23 '11 at 09:34

PMC

4,698
3
37
57

2

+1 For example if you want client side scripts to be able to easily access the value, use a hidden field. – Lisa Jul 19 '11 at 07:42

score -1 · Answer 3 · edited Nov 11 '16 at 19:32

-1

ViewState internally uses hidden field. It is managed by ASP.NET Engine and is encrypted by default.

On the other hand, with hidden field control, you get to manage what is stored in it. By default, it's not encrypted.

Performance wise, both are same. But, I feel ViewState is more secure. ASP.NET maintains its hash to prevent/identify any tampering with it client side.

You can also use session to store data.

edited Nov 11 '16 at 19:32

Yojimbo

23,288
5
44
48

answered Jan 23 '11 at 09:37

decyclone

30,394
6
63
80

8

ViewState is not encrypted by default - It is a Base64 encoded string. – codingbadger Jan 23 '11 at 09:43

hidden field vs viewstate

3 Answers3