Using HTML Hidden Fields, ASP.NET creates a hidden field with an ID=”__VIEWSTATE” and the value of the page’s viewstate is encoded (hashed) for security.
When a postback happens (i.e. when a form is submitted to a server), the variable values that are set in the code-behind page are erased from the memory of the client system. This concept would be different from what happens in Windows-based applications, where the variable variables persist in memory until they are freed from the memory either by the garbage collector, or by specific codes like dispose or finalize.
In web applications, variable values simply get erased. But it is very simple to persist these values. They may be persisted using the ViewState object. Before the postback is invoked, the variable’s value is saved in a viewstate object. In the recieving page, the viewstate’s value may be retrieved back. See example code below…
//Save the value in ViewState object before the PostBack
ViewState(“SomeVar”) = txtFirstName.text;
//Retrieve the value from ViewState object after the PostBack
String strFirstName = ViewState(“SomeVar”).ToString();
Note that the viewstate value is saved and then passed to the next page by ASP.NET in the form of a hidden variable. Ideally, big values like datasets should not be saved in viewstate as they may tend to slow down the performance of the web page.
Item stored in ViewState exist for the life of the current page. This includes postbacks. Viewstate become nothing once it redirects or transfer to another page.
Http is a stateless protocol. Hence, the state of controls is not saved between postbacks. Viewstate is the means of storing the state of server side controls between postbacks. The information is stored in HTML hidden fields. In other words, it is a snapshot of the contents of a page.
Hidden fields technique is widely used in ASP.NET programming. This control enables a developer to store a non-displayed value in the rendered HTML of the page. The HiddenField control is used to store a value that needs to be persisted across multiple postbacks to the server. Hidden fields are html input control with hidden type that store hidden data in the html. An example for a hidden field can look like this in your Web Page as:
<asp:HiddenField ID="MyHiddenField" runat="server" Value=”Hidden field value”/>
It will be hidden to the user that means you can store some value but user cannot able to see that value in a webpage. But you should not keep any sensitive information in hidden field because it is available in a webpage, but user cannot see it directly. You can see the hidden field value by right click on a web page and go to “View Source”. There you can see the hidden field value along with html tag available in a web page, so it is not secure.
It allows the page to save the users input on a form across postbacks. It saves all the server side values for a given control into ViewState, which is stored as a hidden value on the page before sending the page to the clients browser. When the page is posted back to the server, the server control is recreated with the state stored in viewstate.