Client-side state management
This maintains information on the client’s machine using Cookies, View State, and Query Strings.
A cookie is a small text file on the client machine either in the client’s file system or memory of client browser session. Cookies are not good for sensitive data. Moreover, Cookies can be disabled on the browser. Thus, you can’t rely on cookies for state management.
Each page and each control on the page has View State property. This property allows automatic retention of page and controls state between each trip to server. This means control value is maintained between page postbacks. Viewstate is implemented using _VIEWSTATE, a hidden form field which gets created automatically on each page. You can’t transmit data to other page using view state.
<!--[if !supportLineBreakNewLine]-->Query strings can maintain limited state information. Data can be passed from one page to another with the URL but you can send limited size of data with the URL. Most browsers allow a limit of 255 characters on URL length.
Server-side state management
This kind of mechanism retains state in the server.
The data stored in the application object can be shared by all the sessions of the application. Application object stores data in the key value pair.
Session State stores session-specific information and the information is visible within the session only. ASP.NET creates unique sessionId for each session of the application. SessionIDs are maintained either by an HTTP cookie or a modified URL, as set in the application’s configuration settings. By default, SessionID values are stored in a cookie.
Database can be used to store large state information. Database support is used in combination with cookies or session state.