Some useful information on ViewState :
1. In asp.net ViewState is used to keep state information of controls to cope with the state less nature of HTTP
and provides a means to persist the state across postbacks.
2. There is a saying – There is no free lunch . And ViewState is no exception .
Though ViewState is effectively helps asp.net pages / controls to maintain their state, it imposes some cost
>> all view state information are collected, encodes to base 64 string and serialized on each page postback
>> ViewState adds a lots of extra bytes to the aspx pages
(In fact, View State is a hidden field, if you open up a page in browser and view the page sources you would see something
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTYyMTA1NzgyD2QWAmYPZBY" />)
3. MUST DISABLE the ViewState of a control by setting “EnableViewState” property to false, whenever you feel the ViewState is unnecessary for any control .
4. Though ViewState is encoded to base 64 string, its NOT ENCRYPTED. So don’t use any sensitive information (like customer info, passwords etc..) in ViewState .
5. Incase you are using any sensitive information (say you are displayng a customer info. on grid view and the site is not using SSL), MUST ENCRYPT the view state setting “viewStateEncryptionMode” at page level.
viewStateEncryptionMode can have three values –
Set the value to “Always” to force encryption for all controls (of which EnableViewState is set to true) like below :
<%@Page viewStateEncryptionMode="Always" ... /%>