Kailash's Blogs

State Management in ASP.NET Core

Kailash Chandra Behera | Saturday, July 09, 2022
Kailash's Blogs


State refers to where your web application will hold information and what will keep the user's experience as smooth as possible. This blog we discuss several approaches to preserve user data between requests and how state management happens in ASP.NET core.

Getting Started

The HTTP is a stateless by default, its requests are independent messages that don't retain user values. ASP.NET Core provides following approaches to preserve the user data.

  1. Cookies
  2. Session State
  3. TempData
  4. Query Strings
  5. Hidden fields
  6. HttpContext.Items
  7. Cache

Cookies are generally the most durable form of data persistence on the client. It stores data across the request. Cookies can be deleted by users and expire on clients.  Most browsers restrict cookie size to 4096 bytes. Note that cookies are subject to tampering, they must be validated by the app.

Session State

Session state is most common and popular state management approach. Session in MVC are maintained by providing the cookie in ASP.Net core that contains session ID. The session states are limited to browser, it will only preserve user data while the user browses a web app hence it is considered ephemeral data. We will discuss more about this session state in another blog later.


TempData is basically a dictionary object derived from TempDataDictionary and useful for redirection when data is required for more than a single request because it stores data until reads in another request. The data in TempData can be retain by calling KEEP and PEEK method. ASP.NET Core exposes the Razor Pages TempData or Controller TempData to preserve user information.

Query Strings

A limited amount of data can be passed from one request to another by adding it to the new request's query string. This is useful for capturing state in a persistent manner that allows links with embedded state to be shared through email or social networks. Because URL query strings are public, never use query strings for sensitive data.

Hidden fields

Data can be saved in hidden fields and posted back on the next request. ASP hidden field common in multi-page forms. Because the client can potentially tamper with the data, the app must always revalidate the data stored in hidden fields.


The HttpContext.Items collection is used to store data while processing a single request. The collection's contents are discarded after a request is processed. The Items collection is often used to allow components or middleware to communicate when they operate at different points in time during a request and have no direct way to pass parameters. We will discuss more on this in another blog later.


Caching is an efficient way to store and retrieve data. The app can control the lifetime of cached items. Cached data isn't associated with a specific request, user, or session. Do not cache user-specific data that may be retrieved by other user requests.


No comments: