Performance Optimization Methods for Passing Values Across Pages in ASP.NET Without Using Session

Introduction

In ASP.NET web application development, passing data between pages is a common requirement. Traditionally, many developers use the Session object to store state information, but this approach can negatively impact application performance. Session data is stored in server memory, and each user session consumes server resources. As the number of concurrent users increases, this can lead to increased server memory pressure and reduced response speed.

Passing Values via Query String

The query string is the simplest and most direct method for passing values across pages, transmitting data through URL parameters. This method is suitable for passing small amounts of non-sensitive information.

Setting Values Example:

Response.Redirect("SecondPage.aspx?UserName=" + Server.UrlEncode(txtName.Text));

Getting Values Example:

string userName = Server.UrlDecode(Request.QueryString["UserName"]);

When using query strings, URL encoding is essential, especially when passing values containing special characters. The Server.UrlEncode method ensures special characters are properly encoded, preventing URL parsing errors.

Passing Values via Cookies

Cookies allow storing small amounts of data on the client side, suitable for scenarios requiring data persistence across multiple pages.

Setting Cookie Example:

HttpCookie userCookie = new HttpCookie("UserInfo");
userCookie.Value = "JohnDoe";
userCookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(userCookie);

Reading Cookie Example:

if (Request.Cookies["UserInfo"] != null)
{
    string userInfo = Request.Cookies["UserInfo"].Value;
}

Cookies typically have a size limit of 4KB and are stored on the client side, making them unsuitable for sensitive information. The data lifecycle can be controlled by setting expiration times.

Passing Values via Application Variables

The Application object provides application-level data storage, where all users share the same data.

Setting Application Variable:

Application["GlobalCounter"] = 100;

Reading Application Variable:

int counter = (int)Application["GlobalCounter"];

Application variables are suitable for globally shared data. However, since all users share the same data, thread safety must be considered. It is recommended to use Lock and Unlock methods when reading and writing Application variables to ensure data consistency.

Passing Values via HttpContext

The HttpContext.Items collection provides request-level data storage, where data is only valid during the current HTTP request.

Using Server.Transfer to Pass Values:

// Setting in source page
Context.Items["TransferData"] = txtData.Text;
Server.Transfer("TargetPage.aspx");

// Getting in target page
string transferData = Context.Items["TransferData"] as string;

The advantage of HttpContext passing is that data is not exposed in the URL and is only valid within the current request, offering higher security. However, it can only be used when navigating with Server.Transfer.

Cross-Page Postback

ASP.NET 2.0 and later versions support cross-page postback functionality, allowing form data to be directly submitted to another page.

Using PostBackUrl Property:

<asp:Button ID="btnSubmit" runat="server" Text="Submit" PostBackUrl="~/TargetPage.aspx" />

Retrieving Data in Target Page:

// Method 1: Using Request.Form
string inputData = Request.Form["txtInput"];

// Method 2: Using PreviousPage object
if (PreviousPage != null)
{
    TextBox sourceTextBox = (TextBox)PreviousPage.FindControl("txtInput");
    if (sourceTextBox != null)
    {
        string data = sourceTextBox.Text;
    }
}

Cross-page postback maintains ViewState integrity and is suitable for passing complex form data. Using the PreviousPage object allows strongly-typed access to source page controls.

Performance Comparison and Selection Recommendations

Different value-passing methods have distinct characteristics in terms of performance, security, and applicable scenarios:

Query String: Best performance, but data is exposed in the URL, not suitable for sensitive information.

Cookies: Stored on client side, does not consume server resources, but size is limited and may be disabled by users.

Application Variables: Stored in server memory, suitable for global read-only data, requires consideration of thread safety.

HttpContext: Request-level storage, good security, but limited to Server.Transfer navigation.

Cross-Page Postback: Maintains page state integrity, suitable for complex data passing, moderate performance.

In practical development, appropriate methods should be selected based on data sensitivity, data volume, and persistence requirements. For performance-sensitive applications, prioritize query strings and Cookies; for scenarios with high security requirements, consider HttpContext and cross-page postback.

Security Considerations

Regardless of the value-passing method used, data security must be considered:

Avoid passing sensitive information in query strings, such as passwords and personal identification information.

Validate and sanitize user input to prevent cross-site scripting (XSS) attacks.

Use HTTPS protocol to transmit sensitive data, preventing man-in-the-middle attacks.

Regularly clean expired Cookies and Application data to free server resources.

Conclusion

By appropriately selecting cross-page value-passing methods, the performance of ASP.NET applications can be significantly improved. Developers should weigh the advantages and disadvantages of various methods according to specific business needs and choose the most suitable solution. In most cases, combining multiple value-passing methods can achieve the best balance of performance and security.