Session
Cookies
View State
Query String
Application
Allowed Data Types
All serializable
data types.
String data
data types
Limited String data
All .net data types
Location
Server memory
Computer (in
memory or a
small text file)
Hidden field in
current web page.
URL string
Lifetime
Times out after a predefined period (usually 20 minutes but can be altered globally or programmatically)
Set by
programmer. It
can be used in
multiple pages
Retained permanently for postbacks to a
single page.
Lost when the user enters a new URL
The lifetime of the application
(typically, until the server rebooted).
Scope
The whole
ASP. net application
ASP.net
application
Limited to the current page
Limited to the target page
Security
Secure, because data is never transmitted to the client. However, subject to session may be hijacking
Insecure and can be modified by the user
By default it’s insecure. Can use Page directives to encryption and hashing
Clearly visible and easy for the user to modify
Very secure, because data is
never transmitted to the client
Typical Use
Store items in a shopping basket
Personalization
preferences for a website
Page-specific settings
Sending a product ID from a catalog page to a details page
Storing any type of global data