Depending on your requirements, you can go for a HiddenField
. However, since you will be storing important information, make sure you ENCRYPT the value before assigning it to HiddenField
. And Yes, this will be present for long.
One fairly good option you can also try is saving your information in ViewState
. It doesn’t take up any memory on the server and doesn’t impose any arbitrary
usage limits (such as a time-out ). Moreover you can use the built-in Encryption facility provided by Asp.Net
ViewState["UserSSN"] = 1;
if (ViewState["UserSSN"] != null)
{
_userSSN= (int)ViewState["UserSSN"];
}
In case you are using ViewState
, you must take countermeasures for its security. Simply turn on encryption for viewstate using the ViewStateEncryptionMode
property of the Page directive:
<%@Page ViewStateEncryptionMode="Always" ... %>
Or you can set the same attribute in the web.config
file:
<pages viewStateEncryptionMode="Always" />
They aren’t bulletproof, but they will greatly increase the effort an attacker would need in order to read or modify view state data.