SlideShare una empresa de Scribd logo

Chapter 8 part1

A
application developer
Tecnología
1 de 23
Descargar para leer sin conexión
• The Problem of State • View State • The ViewState Collection • Cross-Page Posting • The Query String • Cookies • Session State • Using Session Object to display Session Details
• Stateless HTTP connection. • Additional steps required to retain information for a longer period of time or over the lifetime of the application. • The information can be as simple as a user’s name or as complex as a stuffed full shopping cart for an ecommerce site.
View state uses a hidden field that ASP.NET automatically inserts in the final, rendered HTML of a web page. It’s a perfect place to store information that’s used for multiple postbacks in a single web page. The Web Server stores most of the properties of the Web Controls of a requested page directly to its view state and retrieve it later when the page is posted back.
• Every item in a View State is stored in a separate “slot” using a unique string name. • ViewState["Counter"] = 1; • ViewState collection stores all items as basic objects so you also need to cast the retrieved value to the appropriate data type using the casting syntax • int counter; • counter = (int)ViewState["Counter"];
ASP.NET runs the view state through a hashing algorithm (with the help of a secret key value). The hashing algorithm creates a hash code. Which is added at the end of the view state data and sent to the browser. When the page is posted back, ASP.NET then checks whether the checksum it calculated matches the hash code. If a malicious user changes part of the view state data, that doesn’t match.
If your view state contains some information you want to keep secret, you can enable view state encryption. You can turn on encryption for an individual page using the ViewStateEncryptionMode property of the Page directive: <%@Page ViewStateEncryptionMode="Always" %> Or <configuration> <system.web> <pages viewStateEncryptionMode="Always" /> ... </system.web> </configuration>
You can store your own objects in view state just as easily as you store numeric and string types. However, to store an item in view state, ASP.NET must be able to convert it into a stream of bytes so that it can be added to the hidden input field in the page. This process is called serialization. If your objects aren’t serializable (and by default they’re not), you’ll receive an error message when you attempt to place them in view state. To make your objects serializable, you need to add a Serializable attribute before your class declaration.
One of the most significant limitations with view state is that it’s tightly bound to a specific page. If the user navigates to another page, this information is lost. Two basic techniques to transfer information between pages are:  Cross-page posting  Query string
With Cross-Page Posting one page can send the user to another page, complete with all the information for that Page. The infrastructure that supports cross-page postbacks is a property named PostBackUrl which comes with  ImageButton, LinkButton, and Button To use cross-posting, you simply set PostBackUrl to the name of another web form. When the user clicks the button, the page will be posted to that new URL with the values from all the input controls on the current page.
Response.Redirect("newpage.aspx?recordID=10"); You can send multiple parameters as long as they’re separated with an ampersand (&): Response.Redirect("newpage.aspx?recordID=10& mode=full"); The receiving can receive the values from the QueryString dictionary collection exposed by the built-in Request object: string ID = Request.QueryString["recordID"];
• Information is limited to simple strings, which must contain URL-legal characters. • Information is clearly visible to the user and to anyone else who cares to eavesdrop on the Internet. • The enterprising user might decide to modify the query string and supply new values, which your program won’t expect and can’t protect against. • Many browsers impose a limit on the length of a URL (usually from 1KB to 2KB). For that reason, you can’t place a large amount of information in the query string.
One potential problem with the query string is that some characters aren’t allowed in a URL. Furthermore, some characters have special meaning. For example, the ampersand (&) is used to separate multiple query string parameters, the plus sign (+) is an alternate way to represent a space, and the number sign (#) is used to point to a specific bookmark in a web page. string url = "QueryStringRecipient.aspx?"; url += "Item=" + Server.UrlEncode (lstItems. SelectedItem.Text) + "&"; url += "Mode=" + chkDetails.Checked.ToString(); Response.Redirect(url);
Cookies are small files that are created in the web browser’s memory (if they’re temporary) or on the client’s hard drive (if they’re permanent). They work transparently without the user being aware that information needs to be stored. They also can be easily used by any page in your application and even be retained between visits, which allows for truly long-term storage.
• They’re limited to simple string information • They’re easily accessible and readable if the user finds and opens the corresponding file. • Some users disable cookies on their browsers, which will cause problems for web applications that require them. • Users might manually delete the cookie files stored on their hard drives.
using System.Net; // Create the cookie object. HttpCookie cookie = new HttpCookie("Preferences"); // Set a value in it. cookie["LanguagePref"] = "English"; // Add another value. cookie["Country"] = "US"; // Add it to the current web response. Response.Cookies.Add(cookie); // This cookie lives for one year. cookie.Expires = DateTime.Now.AddYears(1);
You retrieve cookies by cookie name using the Request.Cookies collection: HttpCookie cookie = Request.Cookies["Preferences"]; if (cookie != null) { language = cookie["LanguagePref"]; } The only way to remove a cookie is by replacing it with a cookie that has an expiration date that has already passed. HttpCookie cookie = new HttpCookie("Preferences"); cookie.Expires = DateTime.Now.AddDays(-1); Response.Cookies.Add(cookie);
An application might need to store and access complex information such as custom data objects, which can’t be sent through a query string. Or the application might have stringent security requirements that prevent it from storing information about a client in view state or in a custom cookie. Session state management allows you to store any type of data in memory on the server. Every client that accesses the application is given a distinct session ID.
ASP.NET tracks each session using a unique 120-bit identifier. ASP.NET uses a proprietary algorithm to generate this value, thereby guaranteeing (statistically speaking) that the number is unique and it’s random enough that a malicious user can’t reverse-engineer or “guess” what session ID a given client will be using. This ID is the only piece of session-related information that is transmitted between the web server and the client. When the client presents the session ID, ASP.NET looks up the corresponding session, retrieves the objects you stored previously, and places them into a special collection so they can be accessed in your code.
Using cookies: In this case, the session ID is transmitted in a special cookie (named ASP.NET_SessionId), which ASP.NET creates automatically when the session collection is used. This is the default. Using modified URLs: In this case, the session ID is transmitted in a specially modified (or munged) URL. This allows you to create applications that use session state with clients that don’t support cookies.
• If the user closes and restarts the browser. • If the user accesses the same page through a different browser window, although the session will still exist if a web page is accessed through the original browser window. Browsers differ on how they handle this situation. • If the session times out due to inactivity. • If your web page code ends the session by calling the Session.Abandon() method.
You can interact with session state using the System.Web.SessionState.HttpSessionState class which is provided in an ASP.NET web page as the built-in Session object.
lblSession.Text = "Session ID: " + Session.SessionID; lblSession.Text += "<br />Number of Objects: "; lblSession.Text += Session.Count.ToString(); lblSession.Text += "<br />Mode: " + Session.Mode.ToString(); lblSession.Text += "<br />Is Cookieless: "; lblSession.Text += Session.IsCookieless.ToString(); lblSession.Text += "<br />Is New: "; lblSession.Text += Session.IsNewSession.ToString(); lblSession.Text += "<br />Timeout (minutes): "; lblSession.Text += Session.Timeout.ToString();

Recomendados

State management
State managementState management
State managementLalit Kale
 
State management
State managementState management
State managementteach4uin
 
State Management in ASP.NET
State Management in ASP.NETState Management in ASP.NET
State Management in ASP.NETShyam Sir
 
Ch05 state management
Ch05 state managementCh05 state management
Ch05 state managementMadhuri Kavade
 
State management
State managementState management
State managementIblesoft
 
Session and state management
Session and state managementSession and state management
Session and state managementPaneliya Prince
 
Asp.net
Asp.netAsp.net
Asp.netYaswanth Babu Gummadivelli
 
State management
State managementState management
State managementIblesoft
 

Recomendados

State management
State managementState management
State managementLalit Kale
 
State management
State managementState management
State managementteach4uin
 
State Management in ASP.NET
State Management in ASP.NETState Management in ASP.NET
State Management in ASP.NETShyam Sir
 
Ch05 state management
Ch05 state managementCh05 state management
Ch05 state managementMadhuri Kavade
 
State management
State managementState management
State managementIblesoft
 
Session and state management
Session and state managementSession and state management
Session and state managementPaneliya Prince
 
Asp.net
Asp.netAsp.net
Asp.netYaswanth Babu Gummadivelli
 
State management
State managementState management
State managementIblesoft
 
State management in ASP .NET
State management in ASP .NETState management in ASP .NET
State management in ASP .NETbaabtra.com - No. 1 supplier of quality freshers
 
ASP.NET Lecture 4
ASP.NET Lecture 4ASP.NET Lecture 4
ASP.NET Lecture 4Julie Iskander
 
05 asp.net session07
05 asp.net session0705 asp.net session07
05 asp.net session07Vivek chan
 
Search engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATGSearch engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATGVignesh sitaraman
 
ASP.NET 12 - State Management
ASP.NET 12 - State ManagementASP.NET 12 - State Management
ASP.NET 12 - State ManagementRandy Connolly
 
MICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAININGMICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAININGSanthosh Sap
 
State management 1
State management 1State management 1
State management 1singhadarsh
 
Lecture8
Lecture8Lecture8
Lecture8Châu Thanh Chương
 
Oracle Endeca Developer's Guide
Oracle Endeca Developer's GuideOracle Endeca Developer's Guide
Oracle Endeca Developer's GuideKeyur Shah
 
06 asp.net session08
06 asp.net session0806 asp.net session08
06 asp.net session08Vivek chan
 
State management
State managementState management
State managementMuhammad Amir
 
Managing states
Managing statesManaging states
Managing statesPaneliya Prince
 
Programming web application
Programming web applicationProgramming web application
Programming web applicationaspnet123
 
HTML5 Local Storage
HTML5 Local StorageHTML5 Local Storage
HTML5 Local StorageLior Zamir
 
ASP.NET Lecture 2
ASP.NET Lecture 2ASP.NET Lecture 2
ASP.NET Lecture 2Julie Iskander
 
Generating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status CodesGenerating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status CodesDeeptiJava
 
State Management.pptx
State Management.pptxState Management.pptx
State Management.pptxDrMonikaPatel2
 
session and cookies.ppt
session and cookies.pptsession and cookies.ppt
session and cookies.pptJayaprasanna4
 
Ecom2
Ecom2Ecom2
Ecom2Santosh Pandey
 
9781305078444 ppt ch09
9781305078444 ppt ch099781305078444 ppt ch09
9781305078444 ppt ch09Terry Yoast
 
C# cookieless session id and application state
C# cookieless session id and application stateC# cookieless session id and application state
C# cookieless session id and application stateMalav Patel
 
Advance Java
Advance JavaAdvance Java
Advance JavaMaitree Patel
 

Más contenido relacionado

La actualidad más candente

05 asp.net session07
05 asp.net session0705 asp.net session07
05 asp.net session07Vivek chan
 
Search engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATGSearch engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATGVignesh sitaraman
 
ASP.NET 12 - State Management
ASP.NET 12 - State ManagementASP.NET 12 - State Management
ASP.NET 12 - State ManagementRandy Connolly
 
MICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAININGMICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAININGSanthosh Sap
 
State management 1
State management 1State management 1
State management 1singhadarsh
 
Oracle Endeca Developer's Guide
Oracle Endeca Developer's GuideOracle Endeca Developer's Guide
Oracle Endeca Developer's GuideKeyur Shah
 
06 asp.net session08
06 asp.net session0806 asp.net session08
06 asp.net session08Vivek chan
 
Programming web application
Programming web applicationProgramming web application
Programming web applicationaspnet123
 
HTML5 Local Storage
HTML5 Local StorageHTML5 Local Storage
HTML5 Local StorageLior Zamir
 

La actualidad más candente (14)

State management in ASP .NET
State management in ASP .NETState management in ASP .NET
State management in ASP .NET
 
ASP.NET Lecture 4
ASP.NET Lecture 4ASP.NET Lecture 4
ASP.NET Lecture 4
 
05 asp.net session07
05 asp.net session0705 asp.net session07
05 asp.net session07
 
Search engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATGSearch engine optimization (seo) from Endeca & ATG
Search engine optimization (seo) from Endeca & ATG
 
ASP.NET 12 - State Management
ASP.NET 12 - State ManagementASP.NET 12 - State Management
ASP.NET 12 - State Management
 
MICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAININGMICROSOFT ASP.NET ONLINE TRAINING
MICROSOFT ASP.NET ONLINE TRAINING
 
State management 1
State management 1State management 1
State management 1
 
Lecture8
Lecture8Lecture8
Lecture8
 
Oracle Endeca Developer's Guide
Oracle Endeca Developer's GuideOracle Endeca Developer's Guide
Oracle Endeca Developer's Guide
 
06 asp.net session08
06 asp.net session0806 asp.net session08
06 asp.net session08
 
State management
State managementState management
State management
 
Managing states
Managing statesManaging states
Managing states
 
Programming web application
Programming web applicationProgramming web application
Programming web application
 
HTML5 Local Storage
HTML5 Local StorageHTML5 Local Storage
HTML5 Local Storage
 

Similar a Chapter 8 part1

Generating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status CodesGenerating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status CodesDeeptiJava
 
session and cookies.ppt
session and cookies.pptsession and cookies.ppt
session and cookies.pptJayaprasanna4
 
9781305078444 ppt ch09
9781305078444 ppt ch099781305078444 ppt ch09
9781305078444 ppt ch09Terry Yoast
 
C# cookieless session id and application state
C# cookieless session id and application stateC# cookieless session id and application state
C# cookieless session id and application stateMalav Patel
 
Java - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionJava - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionMazenetsolution
 
state managment
state managment state managment
state managment aniliimd
 
Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3sandeep54552
 
Introducing asp
Introducing aspIntroducing asp
Introducing aspaspnet123
 
Session 32 - Session Management using Cookies
Session 32 - Session Management using CookiesSession 32 - Session Management using Cookies
Session 32 - Session Management using CookiesPawanMM
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083Divyam Pateriya
 
ASP.Net Presentation Part3
ASP.Net Presentation Part3ASP.Net Presentation Part3
ASP.Net Presentation Part3Neeraj Mathur
 
Bt0083 server side programing
Bt0083 server side programing Bt0083 server side programing
Bt0083 server side programing Techglyphs
 

Similar a Chapter 8 part1 (20)

ASP.NET Lecture 2
ASP.NET Lecture 2ASP.NET Lecture 2
ASP.NET Lecture 2
 
Generating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status CodesGenerating the Server Response: HTTP Status Codes
Generating the Server Response: HTTP Status Codes
 
State Management.pptx
State Management.pptxState Management.pptx
State Management.pptx
 
session and cookies.ppt
session and cookies.pptsession and cookies.ppt
session and cookies.ppt
 
Ecom2
Ecom2Ecom2
Ecom2
 
9781305078444 ppt ch09
9781305078444 ppt ch099781305078444 ppt ch09
9781305078444 ppt ch09
 
C# cookieless session id and application state
C# cookieless session id and application stateC# cookieless session id and application state
C# cookieless session id and application state
 
Advance Java
Advance JavaAdvance Java
Advance Java
 
ASP.NET View State - Security Issues
ASP.NET View State - Security IssuesASP.NET View State - Security Issues
ASP.NET View State - Security Issues
 
Java - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionJava - Servlet - Mazenet Solution
Java - Servlet - Mazenet Solution
 
state managment
state managment state managment
state managment
 
Caching in Kentico 11
Caching in Kentico 11Caching in Kentico 11
Caching in Kentico 11
 
Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3
 
Chapter 23
Chapter 23Chapter 23
Chapter 23
 
Introducing asp
Introducing aspIntroducing asp
Introducing asp
 
Session 32 - Session Management using Cookies
Session 32 - Session Management using CookiesSession 32 - Session Management using Cookies
Session 32 - Session Management using Cookies
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083
 
ASP.Net Presentation Part3
ASP.Net Presentation Part3ASP.Net Presentation Part3
ASP.Net Presentation Part3
 
Bt0083 server side programing
Bt0083 server side programing Bt0083 server side programing
Bt0083 server side programing
 
Sessions and cookies
Sessions and cookiesSessions and cookies
Sessions and cookies
 

Más de application developer

Más de application developer (20)

Chapter 26
Chapter 26Chapter 26
Chapter 26
 
Chapter 25
Chapter 25Chapter 25
Chapter 25
 
Assignment
AssignmentAssignment
Assignment
 
Next step job board (Assignment)
Next step job board (Assignment)Next step job board (Assignment)
Next step job board (Assignment)
 
Chapter 19
Chapter 19Chapter 19
Chapter 19
 
Chapter 18
Chapter 18Chapter 18
Chapter 18
 
Chapter 17
Chapter 17Chapter 17
Chapter 17
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
 
Week 3 assignment
Week 3 assignmentWeek 3 assignment
Week 3 assignment
 
Chapter 15
Chapter 15Chapter 15
Chapter 15
 
Chapter 14
Chapter 14Chapter 14
Chapter 14
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
C # test paper
C # test paperC # test paper
C # test paper
 
Chapter 9
Chapter 9Chapter 9
Chapter 9
 
Chapter 8 part2
Chapter 8 part2Chapter 8 part2
Chapter 8 part2
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 

Último

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Chapter 8 part1

  • 1. • The Problem of State • View State • The ViewState Collection • Cross-Page Posting • The Query String • Cookies • Session State • Using Session Object to display Session Details
  • 2. • Stateless HTTP connection. • Additional steps required to retain information for a longer period of time or over the lifetime of the application. • The information can be as simple as a user’s name or as complex as a stuffed full shopping cart for an ecommerce site.
  • 3. View state uses a hidden field that ASP.NET automatically inserts in the final, rendered HTML of a web page. It’s a perfect place to store information that’s used for multiple postbacks in a single web page. The Web Server stores most of the properties of the Web Controls of a requested page directly to its view state and retrieve it later when the page is posted back.
  • 4. • Every item in a View State is stored in a separate “slot” using a unique string name. • ViewState["Counter"] = 1; • ViewState collection stores all items as basic objects so you also need to cast the retrieved value to the appropriate data type using the casting syntax • int counter; • counter = (int)ViewState["Counter"];
  • 5. ASP.NET runs the view state through a hashing algorithm (with the help of a secret key value). The hashing algorithm creates a hash code. Which is added at the end of the view state data and sent to the browser. When the page is posted back, ASP.NET then checks whether the checksum it calculated matches the hash code. If a malicious user changes part of the view state data, that doesn’t match.
  • 6. If your view state contains some information you want to keep secret, you can enable view state encryption. You can turn on encryption for an individual page using the ViewStateEncryptionMode property of the Page directive: <%@Page ViewStateEncryptionMode="Always" %> Or <configuration> <system.web> <pages viewStateEncryptionMode="Always" /> ... </system.web> </configuration>
  • 7. You can store your own objects in view state just as easily as you store numeric and string types. However, to store an item in view state, ASP.NET must be able to convert it into a stream of bytes so that it can be added to the hidden input field in the page. This process is called serialization. If your objects aren’t serializable (and by default they’re not), you’ll receive an error message when you attempt to place them in view state. To make your objects serializable, you need to add a Serializable attribute before your class declaration.
  • 8. One of the most significant limitations with view state is that it’s tightly bound to a specific page. If the user navigates to another page, this information is lost. Two basic techniques to transfer information between pages are:  Cross-page posting  Query string
  • 9. With Cross-Page Posting one page can send the user to another page, complete with all the information for that Page. The infrastructure that supports cross-page postbacks is a property named PostBackUrl which comes with  ImageButton, LinkButton, and Button To use cross-posting, you simply set PostBackUrl to the name of another web form. When the user clicks the button, the page will be posted to that new URL with the values from all the input controls on the current page.
  • 10. Response.Redirect("newpage.aspx?recordID=10"); You can send multiple parameters as long as they’re separated with an ampersand (&): Response.Redirect("newpage.aspx?recordID=10& mode=full"); The receiving can receive the values from the QueryString dictionary collection exposed by the built-in Request object: string ID = Request.QueryString["recordID"];
  • 11. • Information is limited to simple strings, which must contain URL-legal characters. • Information is clearly visible to the user and to anyone else who cares to eavesdrop on the Internet. • The enterprising user might decide to modify the query string and supply new values, which your program won’t expect and can’t protect against. • Many browsers impose a limit on the length of a URL (usually from 1KB to 2KB). For that reason, you can’t place a large amount of information in the query string.
  • 12. One potential problem with the query string is that some characters aren’t allowed in a URL. Furthermore, some characters have special meaning. For example, the ampersand (&) is used to separate multiple query string parameters, the plus sign (+) is an alternate way to represent a space, and the number sign (#) is used to point to a specific bookmark in a web page. string url = "QueryStringRecipient.aspx?"; url += "Item=" + Server.UrlEncode (lstItems. SelectedItem.Text) + "&"; url += "Mode=" + chkDetails.Checked.ToString(); Response.Redirect(url);
  • 13. Cookies are small files that are created in the web browser’s memory (if they’re temporary) or on the client’s hard drive (if they’re permanent). They work transparently without the user being aware that information needs to be stored. They also can be easily used by any page in your application and even be retained between visits, which allows for truly long-term storage.
  • 14. They’re limited to simple string information • They’re easily accessible and readable if the user finds and opens the corresponding file. • Some users disable cookies on their browsers, which will cause problems for web applications that require them. • Users might manually delete the cookie files stored on their hard drives.
  • 15. using System.Net; // Create the cookie object. HttpCookie cookie = new HttpCookie("Preferences"); // Set a value in it. cookie["LanguagePref"] = "English"; // Add another value. cookie["Country"] = "US"; // Add it to the current web response. Response.Cookies.Add(cookie); // This cookie lives for one year. cookie.Expires = DateTime.Now.AddYears(1);
  • 16. You retrieve cookies by cookie name using the Request.Cookies collection: HttpCookie cookie = Request.Cookies["Preferences"]; if (cookie != null) { language = cookie["LanguagePref"]; } The only way to remove a cookie is by replacing it with a cookie that has an expiration date that has already passed. HttpCookie cookie = new HttpCookie("Preferences"); cookie.Expires = DateTime.Now.AddDays(-1); Response.Cookies.Add(cookie);
  • 17. An application might need to store and access complex information such as custom data objects, which can’t be sent through a query string. Or the application might have stringent security requirements that prevent it from storing information about a client in view state or in a custom cookie. Session state management allows you to store any type of data in memory on the server. Every client that accesses the application is given a distinct session ID.
  • 18. ASP.NET tracks each session using a unique 120-bit identifier. ASP.NET uses a proprietary algorithm to generate this value, thereby guaranteeing (statistically speaking) that the number is unique and it’s random enough that a malicious user can’t reverse-engineer or “guess” what session ID a given client will be using. This ID is the only piece of session-related information that is transmitted between the web server and the client. When the client presents the session ID, ASP.NET looks up the corresponding session, retrieves the objects you stored previously, and places them into a special collection so they can be accessed in your code.
  • 19. Using cookies: In this case, the session ID is transmitted in a special cookie (named ASP.NET_SessionId), which ASP.NET creates automatically when the session collection is used. This is the default. Using modified URLs: In this case, the session ID is transmitted in a specially modified (or munged) URL. This allows you to create applications that use session state with clients that don’t support cookies.
  • 20. • If the user closes and restarts the browser. • If the user accesses the same page through a different browser window, although the session will still exist if a web page is accessed through the original browser window. Browsers differ on how they handle this situation. • If the session times out due to inactivity. • If your web page code ends the session by calling the Session.Abandon() method.
  • 21. You can interact with session state using the System.Web.SessionState.HttpSessionState class which is provided in an ASP.NET web page as the built-in Session object.
  • 22.
  • 23. lblSession.Text = "Session ID: " + Session.SessionID; lblSession.Text += "<br />Number of Objects: "; lblSession.Text += Session.Count.ToString(); lblSession.Text += "<br />Mode: " + Session.Mode.ToString(); lblSession.Text += "<br />Is Cookieless: "; lblSession.Text += Session.IsCookieless.ToString(); lblSession.Text += "<br />Is New: "; lblSession.Text += Session.IsNewSession.ToString(); lblSession.Text += "<br />Timeout (minutes): "; lblSession.Text += Session.Timeout.ToString();