Is hidden field better to store value instead of session for long access period of time

Question

I wanted to use session to store one important information in it that I need very long (can't extend session life).
But session can expire off course :)

Problem is if user sit and do something I set value in session and if he goes off computer and return after few hours to continue this value will be lost.

My question:
If I save this value in hidden field instead of session will it be there forever (I mean while page is open)?

PS
I don't have time to test(waiting) that's why I ask :)

Answer 1

Depending on your requirements, you can go for a HiddenField. However, since you will be storing important information, make sure you ENCRYPT the value before assigning it to HiddenField. And Yes, this will be present for long.

One fairly good option you can also try is saving your information in ViewState. It doesn’t take up any memory on the server and doesn’t impose any arbitrary usage limits (such as a time-out ). Moreover you can use the built-in Encryption facility provided by Asp.Net

ViewState["UserSSN"] = 1;

if (ViewState["UserSSN"] != null) 
{ 
     _userSSN= (int)ViewState["UserSSN"]; 
}

In case you are using ViewState, you must take countermeasures for its security. Simply turn on encryption for viewstate using the ViewStateEncryptionMode property of the Page directive:

<%@Page ViewStateEncryptionMode="Always" ... %>

Or you can set the same attribute in the web.config file:

<pages viewStateEncryptionMode="Always" /> 

They aren’t bulletproof, but they will greatly increase the effort an attacker would need in order to read or modify view state data.