An ASP.NET wtf

  • This isn't a huge WTF, but it's still a WTF. It wasn't actually a WTF
    while looking at the code either; that happened while remembering it,
    about a year after I wrote it. Yeah, it's my code. :^) I had only been a 'professional' for a few months, and I was just getting into the less obvious bits of ASP.NET.

    Here is the most convenient example (from a code behind file):

                if( refreshFromDB )       

        m_dsBI  =
    ProjectDB.DBPartners.GetBudgetItemList (DBAccess.GetConnection(),

                this.dgBudgetItems.DataSource = m_dsBI.Tables[0];


                ViewState["m_dsBI"] = this.m_dsBI;

    I've anonymized it a little bit. If you don't know ASP.NET, what this
    is saying is that m_dsBI, whatever it is, is getting put into the
    ViewState, which means it gets encoded into a long string of gibberish
    that goes into a hidden form variable. (ViewState itself is a half-WTF
    until you rationalize it as a convenience.)

    This construct is on more than one place in the code for this page. So
    the web client ended up posting about 80k to the server each time, on a
    small data set. (I'm not sure whether this was ever deployed. I was
    moved to other projects.)

    So, that's my little self-WTF. I am absolved.

  • That's not too bad, I've seen it happen millions of times and worse than that.

    The problem is the idiotic default viewstate setting asp .NET has, and
    the uneducated programmers don't know they have to change their

    If you just throw some controls on a page with some codebehind (random)
    without setting some viewstate=false properties, you'll end up with
    huge html source.

    I agree that it's a convenience to have state preserved, but I believe
    viewstate should default to off and ppl should set it to on for stuff
    they want persisted.

    Oh, and on a larger scheme, the whole thing with the viewstate being a
    hidden form field and every link being a javascript postback function
    is really messy

  • The viewstate is actually a fairly clever idea.  It's a terrible implementation though 😉  It is not at all a safe place to put anything because it is only base64 encoded XML.  As long as you don't store huge tables in it it can be very useful for collection of user data.  Obviously never store anything like passwords, queries, connection strings, etc in it.  But, if you have much more bandwidth than server resources (gigabit ethernet for instance) the viewstate can increase the number of users your server can handle.

    Like any tool, you can use it to architect a palace or chisel wtfs to be immortalized here 🙂

  • Discovering your own WTFs is the first step to not being a WTF coder.

    The second step is fixing them (if your position permits you too).

    Congrats on finding it, anybody who hasn't found their WTFs from the past are probably coding WTFs right now.

  • yeah its quite a common wtf

    but i prefer

    Viewstate(key) = guid

    Session(Viewstate(key))  = thetable

Log in to reply

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.