ASP.NET and HTML5 Local Storage


With HTML 5, web pages can store data locally within the user's browser. Earlier, this was done with cookies. However, Web Storage is more secure and faster. The data is not included with every server request, but used only when asked for. It is also possible to store large amounts of data, with affecting the website's performance. The data is stored in Key/Value pairs, and a web page can only access data stored by itself.

HTML5 storage support is designed for two key scenarios. First, it enables a site to work offline. A second feature of HTML5 storage is the ability to provide a local cache for data generally on the server but not subject to frequent change.

There are two new objects for storing data on the client:
  • localStorage - stores data with no expiration date
  • sessionStorage - stores data for one session
LocalStorage is designed as a long-term storage mechanism for data that spans sessions and time, and provides a mechanism for longer-term storage of data. LocalStorage is great for relatively static files or database tables, to increase performance when the data is needed and to potentially offer offline versions of the data.

In contrast, SessionStorage is only persistent for the life of a particular user session. As a result, two simultaneous sessions from the same machine wouldn't be able to share SessionStorage data, making SessionStorage more suitable for temporary session-specific states, such as caching data related to a game state.

One final important concern is browser support. All the major browsers include support for HTML5 storage, including Firefox 3.5, Safari 4, Internet Explorer 8 and Chrome 4. For Browsers' older versions compatiblity checking, before using web storage, check browser support for the localStorafe and sessionStorage:

if(typeof(Storage)!=="undefined")
{
          // Yes! localStorage and sessionStorage support!
          // Some code.....
}
else
{
          // Sorry! No web storage support..
 }
The essentials are a localStorage property on the JavaScript Window object. 

 <!DOCTYPE html>
<html>
<body>

 <div id="result"></div>
<script>
if(typeof(Storage)!=="undefined")
{
     localStorage.lastname="Smith";
     sessionStorage.lastname="Bill";
  
     document.getElementById("result").innerHTML="Welcome " + localStorage.lastname + " & " + sessionStorage.lastname;
}

 else
{
     document.getElementById("result").innerHTML="Sorry, your browser does not support web storage...";
}
</script>

 </body>

</html>

Click F12 using chrome and click on Resources TAB. You can see Local Storage and Session Storage where Data is stored in Key/Value pairds. Notes that each web site has its own storafe area.

 NOTE: A key behavior to note with HTML5 storage is that it only works with strings. Attempting to store anything other than a string will call toString implicitly and store the result. This is true for data types as simple as Date, or more complex ones like arrays.

 This significantly complicates storing data in HTML5 storage, because it requires serializing all data into a string for storage and de-serializing it back out again when retrieving the data. For this reason, it's helpful to provide a simple wrapper around the HTML5 storage, one that automatically handles the serialization to and from a string. Fortunately, this is exactly what JSON is designed to do, so we can rely on this mechanism for storing data. The JSON serialization functionality can be found here; this is natively supported by the latest versions of the major browser, however, so no explicit reference is required.

 Unfortunately, the amount of space available to HTML5 storage varies from browser to browser. This results in the need to check for exceptions related to exceeding the storage capacity.

 try
{
            window.localStorage.name =JSON.stringify(value)
}
catch (exception)
{
            if ((exception != QUOTA_EXCEEDED_ERR) &&
                (exception != NS_ERROR_DOM_QUOTA_REACHED))
            {
                throw exception;
            }

}

 Worth mentioning are two other functions on window.localStorage: clear and removeItem(name). 

Comments

Post a Comment

Popular posts from this blog

Data Bound Controls in ASP.Net - Part 4 (FormView and DetailsView controls)

FormView The FormView control is used to display a single record from a data source. It is similar to the DetailsView control, except it displays user-defined templates instead of row fields. Creating your own templates gives you greater flexibility in controlling how the data is displayed. The FormView control supports the following features: ·          Binding to data source controls, such as SqlDataSource and ObjectDataSource. ·          Built-in inserting, updating and deleting capabilities. ·          Built-in paging capabilities. ·          Programmatic access to the FormView object model to dynamically set properties, handle events, and so on. ·          Customizable appearance through user-defined templates, themes, and styles. Templates For the FormView control to display content, you need to create templates for the different parts of the control. Most templates are optional; however, you must create a template for the mode in which the control is configur
Read more

ASP.net: HttpHandlers

Image
HTTPHandlers: ASP.NET handles all the HTTP requests coming from the user and generates the appropriate response for it. ASP.NET framework knows how to process different kind of requests based on extension. For example, it can handle request for .aspx , .ascx and .txt files, etc. When it receives any request, it checks the extension to see if it can handle that request and performs some predefined steps to serve that request. ASP.NET provides a low-level request/response API that enables developers to use .NET Framework classes to service incoming HTTP requests.So as a developer, One might want to handle some new kind of requests such as requests for .jpg or .gif. ASP.NET provides HTTPHandler to handle requests for .jpg or .gif. An ASP.NET HTTP handler is the process or endpoint that runs in response to a request made to an ASP.NET Web application. The most common handler is an ASP.NET page handler that processes .aspx files. When users request an .aspx file, the requ
Read more

The Clickjacking attack and X-Frame-Options

Clickjacking  Clickjacking is a type of “web framing” or “UI redressing” attack. What that simply means in practice is that: 1. A user (victim) is shown an innocuous, but enticing web page (think watch online video) 2. Another web page (that generally does something important – think add friends on social network) is layered on top of the first page and set to be transparent 3. When the user thinks they are clicking on the web page they see (video), they are actually clicking on the higher layered (framed) page that is transparent There are two main ways to prevent clickjacking: 1.     Sending the proper X-Frame-Options HTTP response headers that instruct the browser to not allow framing from other domains 2.     Employing defensive code in the UI to ensure that the current frame is the most top level window Using X-Frame-Options X-Frame-Options  originally invented by Microsoft for IE8, but supported by a number of browsers, this idea might have more
Read more