Dave Reed explica en un extenso artículo, los errores que normalmente se cometen al hacer uso del ViewState, las consecuencias de estos errores y las posibles soluciones para éstas.
MISUNDERSTANDING OF VIEWSTATE WILL LEAD TO...
- Leaking sensitive data
- ViewState Attacks - aka the Jedi Mind Trick -- *waves hand* that plasma tv is for sale for $1.00
- Poor performance - even to the point of NO PERFORMANCE
- Poor scalability - how many users can you handle if each is posting 50k of data every request?
- Overall poor design
- Headache, nausea, dizziness, and irreversible frilling of the eyebrows.
WHAT DOES VIEWSTATE DO?
- Stores values per control by key name, like a Hashtable
- Tracks changes to a ViewState value's initial state
- Serializes and Deserializes saved data into a hidden form field on the client
- Automatically restores ViewState data on postbacks
WHAT DOESN'T VIEWSTATE DO?
- Automatically retain state of class variables (private, protected, or public)
- Remember any state information across page loads (only postbacks) (that is unless you customize how the data is persisted)
- Remove the need to repopulate data on every request
- ViewState is not responsible for the population of values that are posted such as by TextBox controls (although it does play an important role)
- Make you coffee
Sin duda una excelente referencia para los que desarrollan aplicaciones con ASP.NET.