What is And Why We Do State Management In ASP.NET MVC

What is the purpose of using State Management in ASP.NET MVC?

If your website consists of multiple pages and you want to share the data appearing on the 2nd page to the 4th page, then you will have to use State Management feature of ASP.NET. Since our whole communication through the internet is done using HTTP Protocol and when a client(Browser) sends request to the server then it establishes a connection using HTTP and server gives the response, after that, connection will be disconnected. Actually each time a connection is created for a request and after the response it will be disconnected, which means if you have some data on first page and want to get it on the 10th, then it will be impossible to do it without state management feature. If you don’t use this feature then you will have to go the database for each single request(if you require data) which creates huge network traffic with increasing number of users.
You can manage the state by the following ways,
  1. Client Side State Management

    1. Cookie
    2. QueryString
    3. Hidden Form Field
  1. Server Side State Management

    1. Session
    2. TempData
Client Side Management means nothing will be stored on server side but on client side and reverse will happen on server side. (i.e. all data will be on server side)

Client Side State Management



Cookie is a text file with some information in it, generated by the most websites that you visit and then saved it in your browser(folder or subfolder) if you have enabled the cookie option.
  1. All information is stored on client side.
  2. With cookie you can use the remember me option, some websites that you visit first time which then asks you or you can choose a language of your choice and then the information on website appears in that particular language every time you visit(depends upon expiry date). Also, you have seen some time, that this kind of option will work on your machine(laptop) not on your other devices, so behind the scenario there is a cookie.
  1. You can disable cookies in your browser settings. This is a major drawback and if you have use cookies in your site for some features then it will cost you badly.
  2. Less secure since you can view the data in cookies by opening DevTools(in chrome)
Cookie types
  1. Persistent (Can specify expiry time)
  2. Non Persistent(Use for sessions and will expire as the browser or tab is closed in which the web app is opened)
The recommended Data limit: 4096bytes(4kb). Size should not exceed this value as you send data (>4KB) using cookie on every request, then more broadband is used because in some scenarios uploading speed can be lesser.


With QueryString, you can specify the data in the URL tab.
  1. Starts with a question mark(?)
  2. If there are two values that you are sending, then it will be separated with &.
  • There is no limit on length of queryString but the most recommended length for query string is 1024 characters. Try your queryString to be in that range because some web servers will through 413 error(Entity too long to respond)
  1. Can’t be disabled by client
  2. Can be used to share information between pages and most suitable where the information is static(remains static for whole website)
  • e.g.You request to go the specific page but the login is required and you fill the form successfully and then redirected to page where you were before login.
  1. You require information on 4th page which is present on 1st page, then you will have to fetch the info again from the database and then send it(if the data is dynamic or changed in recent activity)
  2. The information that we send using QueryString gets visible to all users so it can’t be used to send sensitive data but if require then encrypt it then send.(an extra effort)

Hidden Field

  1. Share information between multiple requests on same page.
  2. If there is Single page application(SAP) or there is a page like login page where you given three attempts to user for entering right username and password then you can use it as a counter.
Can’t be disabled by client.
Need Encryption because the value can be seen by using DevTools of browser.