Interview Q & A on State Management in Asp.Net(Part 3)

1)What is state management in ASP.NET?

   State management is implemented in order to retain information about the user requests. Web pages are stateless. Each request creates new page without retaining any previous information about the user requests. ASP.NET supports several State management techniques to maintain state information.

 2)Difference between Session and Cache?

  

  The key difference is session is per user, while cache will be for application scoped items.

  Another difference is:

    Items put into a session will stay there, until the session ends.

    Items in the cache can expire (will be removed from cache) after a specified amount of time. And also there is no guaranty that objects will not be removed before their expiration times as ASP.NET remove items from cache when the amount of available memory gets small. This process is called as Scavenging.

  Another difference is:

    The session state can be kept external (state server, SQL server) and shared between several instances of your web app (for load balancing)

    This is not the case with the cache.

 3)What are cookies? How many types of cookies are there?

  

   Cookies are small pieces of information stored in the client computer. They are limited to 4K in size.

   Cookies are two types:

      In-memory cookies also called as Session cookies or Non-Persistent cookies

      These cookies are saved in memory and will be lost while closing your browser.

      Persistent cookies

      A persistent cookie is saved as a text file in the file system of the client computer usually under Temporary Internet Files folder. To create persistent cookie we need to set cookie Expires property.

 4)What is ViewState? What are the advantages and disadvantages of view state?

   ASP.NET view state is the technique used by an ASP.NET Web page to persist changes to the state of a Web Form across postbacks. The view state of a page is, by default, placed in a hidden form field named __VIEWSTATE.

 

    Advantages:

          No server resources required

          simple implementation

          automatic retention of page and control state

          Enhanced security features. The values in view state are hashed, compressed, and encoded for Unicode implementations.

    Disadvantages:

          Performance. The view state is stored in the page itself, so increase the page size.

          Security. The view state is stored in a hidden field on the page. Although view state stores data in a hashed format, it can be tampered with.  “

 5)What is the lifespan for items stored in ViewState?

   The items stored in ViewState live until the lifetime of the current page expires including the postbacks to the same page.

 6) What is the function of the ViewState property?

    The ASP.NET 4.0 introduced a new property called ViewStateMode for the Control class. Now you can enable the view state to an individual control even if the view state for an ASP.NET page is disabled.

 7) What is Query String? What are its advantages and limitations?

    The Query String helps in sending the page information to the server.

    The Query String has the following advantages:

    Every browser works with Query Strings.

    It does not require server resources and so does not exert any kind of burden on the server.

    The following are the limitations of Query String:

    Information must be within the limit because URL does not support many characters.

    Information is clearly visible to the user, which leads to security threats.

 8) What is the default timeout for a Cookie?

    The default time duration for a Cookie is 30 minutes.

 9)What is a Cookie? Where is it used in ASP.NET?

    Cookie is a lightweight executable program, which the server posts to client machines. Cookies store the identity of a user at the first visit of the Web site and validate them later on the next visits for their authenticity. The values of a cookie can be transferred between the user's request and the server's response.

 10)What does the "EnableViewState" property do? Why do we want it On or Off?

    The EnableViewState property enables the ViewState property on the page. It is set to On to allow the page to save the users input between postback requests of a Web page; that is, between the Request and corresponding Response objects. When this property is set to Off, the page does not store the users input during postback.

 11)What is the difference between ASP session and ASP.NET session?

    ASP does not support cookie-less sessions; whereas, ASP.NET does. In addition, the ASP.NET session can span across multiple servers.

 12) Can you post and access view state in another application?

     Yes, you can post and access a view state in other applications. However, while posting a view state in another application, the

     PreviousPage property returns null.

 13)Which method do you use to kill explicitly a users session?

    The Session.Abandon() method kills the user session explicitly.

 14) How do we ensure view state is not tampered?

     Using the @Page directive and setting ‘EnableViewStateMac’ property to True.

 15)How to maintain ViewState of dynamically created user controls?

    . ViewState of dynamic controls is maintained automatically so long as you load the control on every request and add it to the control collection.

 16)How to create a permenent cookie?

    by using Expires property we can create Permanent cookie.

 17)Can Dataset be stored in view state?

    Yes, Dataset can also be stored in ViewState but this is not recommended due to overhead of managing a bulk data in ViewState.

 18)Where can we save cashed data and session data?

    Session and cache data are stored on Web Server. If a State Server or Sql Server is used to Store Session Data then Session data is stored on these server instead of Web Server.

 19)What are different methods of session maintenance in ASP.NET?

    In-process storage.

    Session State Service.

    Microsoft SQL Server.

 20)Can any object be stored in a Viewstate in .NET?

    An object that either is serializable or has a TypeConverter defined for it can be persisted in ViewState.

 21).What happens during the Page_Init event?

     The server controls are loaded and initialized from the Web form’s view state. This is the first step in a Web form’s life cycle.

 22)Is ViewState encoded?

    Yes, ViewState is encoded inbase-64 format.

 23)Explain how Viewstate is being formed and how it?s stored on client in .NET?

     ViewState is persisted to a string variable by the ASP.NET page framework and sent to the client and back as a hidden variable. Upon postback, the page framework parses the input string from the hidden variable and populates the ViewState property of each control. If a control uses ViewState for property data instead of a private field, that property automatically will be persisted across round trips to the client.

 24)How can you create Session Cookies?

    You can create session cookies by calling the Add method of the Cookies collection on the Response object. The Cookies collection contains individual cookie objects of type HttpCookie.

    //Code to create a UserName cookie containing the name David.

        HttpCookie CookieObject = new HttpCookie("UserName", "David");

        Response.Cookies.Add(CookieObject);

   //Code to read the Cookie created above Request.Cookies["UserName"].Value;

 25)What is the difference between Session Cookies and Persistent Cookies?

      Persistent Cookies are same as Session Cookies except that, persistent cookies have an expiration date.

      The expiration date indicates to the browser that it should write the cookie to the client's hard drive.

      Keep in mind that because a user can delete cookies from their machine that there is no guarantee that a cookie you "drop" on a user machine will be there the next time they visit your site.

 26) What are Persistent Cookies used for?

     Persistent cookies are generally used to store information that identifies a returning user to a Web site.

     Typical information found in Persistent Cookies includes user names or user IDs.

 27) How do you create a Persistent Cookie?

     You create a persistent cookie the same way as session cookies except that you set the Expires property to a Date in the future which will store the Cookie to the client computer harddrive.

     //Code to create a UserName Persistent Cookie that lives for 10 days

            HttpCookie CookieObject = new HttpCookie("UserName", "David");

            CookieObject.Expires = DateTime.Now.AddDays(10);

            Response.Cookies.Add(CookieObject);

     //Code to read the Cookie created above

            Request.Cookies["UserName"].Value;

 28)What is Cookie Dictionary?

    A cookie dictionary is a single cookie object that stores multiple pieces of information. You use the Values property to access and assign new values to the cookie dictionary.

 29)How do you create a Cookie that never expires?

    o Create a Cookie that never expires set the Expires property of the Cookie object to DateTime.MaxValue.

 30)Are Cookies secure?

     No, Cookies are not secure. You must pay attention to the type of data you store in cookies.

      1. Cookies are not designed to store critical information so storing passwords in a cookie is a bad idea.

      2. Keep the lifetime of a cookie as short as practically possible.

      3. Encrypt cookie data to help protect the values stored in the cookie.

 31)Give an example of using querystrings to send data from one page to another?

    Query strings are a very simple and popular technique to pass data from one Web page to the next.

    You send data as part of the URL. In the below example FName and LName are sent as part of the URL.

    In the page load of QueryStrings2.aspx we use Request.QueryString to read the values. As we are sending more than one query string we use the & symbol to seperate query strings.

 32)Code to send query strings FName and LName as part of the URL?

     QueryStrings2.aspx?FName=David&LName=Boon

     protected void Page_Load(object sender, EventArgs e)

          {

           //Code to read Query String values

             string FirstName = Request.QueryString["FName"];

             string LastName = Request.QueryString["LName"];

             Response.Write("Data from QueryStrings1.aspx : " + FirstName + ", " + LastName);

          }

 33)What are the advantages of using Query Strings?

    1. Query strings are easy to implement.

    2. Browser support for passing values in a query string is nearly universal.

    3. Query strings are contained in the HTTP request for a specific URL and do not require server resources.

34)What are the disadvantages of using querystrings to send data from one page to another?

    1. Query strings are insecure because the information in the query string is directly visible to the user on the address line in the browser.

    2. Many browsers impose a 255 URL character limit which can limit their flexibility.

 35) What is a Session?

     A Session is a unique instance of the browser. A single user can have multiple instances of the browser running on his or her machine. If each instance visits your Web application, each instance has a unique session.A session starts when a user accesses a page on a Web site for the first time, at which time they are assigned a unique session ID. The server stores the user's session ID in the Session. SessionID property.

 36) What is the default session timeout period?

     20 minutes.

 37) Where do you generally specify the Session Timeout?

You specify the Session Timeout setting in the web.config file.

 38) : Can you specify Session Timeout in a code behind file?

Yes, can specify the Session.Timeout property as shown below in a code behind file. Session.Timeout = 10;

 39) How do you end a user session?

You can call the Session.Abandon() method to end a user session. If a user then tries to access a page the server will assign them a new session ID and it will clear all the previous session variables. You'll typically use Session.Abandon() on log-out pages.

 40) What type of data can you store in Application State and Session State variables?

Application State and Session State variables are used to store data that you want to keep for the lifetime of an application or for the lifetime of a session. You can store any type of data in the Application or Session state, including objects.

 41) Are Application State or Session State variables type safe?

Ans : No, Application and Session state variables are created on the fly, without variable name or type checking.

 42) Do maintaining Session state affects performance?

Yes

 43) Can you turn of Session state?

Yes, Session state can be turned off at the application and page levels.

 44) Are Application state variables available throughout the current process?

Ans : Yes, Application state variables are available throughout the current process, but not across processes. If an application is scaled to run on multiple servers or on multiple processors within a server, each process has its own Application state.

 45) How do you disable Session state for a Web form?

To turn Session state off for a Web form set EnableSessionState property of the Page to False.

 46) How do you turn Session state off for an entire web application?

In the Web.config file, set the sessionstate tag to False.

 47) What are Application State variables?

Application State variables are global variables that are available from anywhere in the application. All Sessions can access Application State variables.

 48) How to add and remove data to Application State Variables?

//Code to add data to Application State

Application.Add("AppName", "Sample");

//Code to remove data from Application State

Application.Remove("A                ppName");

 49) How do you remove all Application State Variables data?

Ans : //Code to remove all Application State Variables data

Application.RemoveAll();

 50) Session state variables are stored in-process by default.

     To enable Session state in a Web garden or Web farm, you need to specify a Session state provider.