Why would you ever use asp.net's ViewState storage object over the Session storage object?

Question

Other than because session storage is session-global to more than one page, why would you ever want to use the viewstate to hold values?

It seems kind of ridiculous

Answer 1

The whole reason for Viewstate or Session is to turn the web from a stateless system into a dynamic, customized experience. When a user requests a page, the only way you can resume where the user left off in their experience is to remember the state either on the server or on the user's client.

Viewstate is a mechanism for remembering the user's state on the client. Session is a mechanism for remembering the user's state on the server.

Viewstate is a transient storage mechanism. Controls that use viewstate have their state rendered into the html page as a hidden input. To prevent tampering, it is signed. It is not encrypted, however, so you probably want to avoid putting ANYTHING sensitive in there. Viewstate is useful for situations where you want to post across series of multiple requests (page loads). An example of this is when a form doesn't validate because maybe the user entered a bad email address or something, and you want to restore the form as it was before the user submitted. The downsides to this is that viewstate is a hungry beast and can easily add 30-50% to page size.

Session, on the other hand, is stored on the server. The client gets a token that tells the server which block of memory is theirs. This can be much more secure than viewstate because the data isn't being retransmitted to the user over and over. There are trade-offs though. Your server can run out of memory. Or, the user could lose the data if their session is disrupted.

Generally, there's no "right" answer on which to use. It is all about what you are trying to accomplish.

Most things to do with controls should use Viewstate. IF you're dealing with sensitive information however, consider Session. If you have data that is for a specific set of pages, use viewstate. If it is data that you will need throughout a user's visit on your site, considier Session.