New Features for Better State Control in WebForms Core 2

As you know, version 2 of WebForms Core technology will be released by Elanat soon. In the past days, we have given an extensive description of the revolutionary features and capabilities of version 2, and in the next few days we will reveal other new features.

WebForms Core is a server-based technology, yet it offers revolutionary offline capabilities.

Think of this workflow:

• The server defines the interaction patterns
• The client caches the JavaScript commands and calls
• The user interacts with the application completely offline
• The JavaScript runs locally without contacting the server
• Synchronization occurs when the connection is resumed

This solves the problem of PWA complexity that plagues traditional SPA development.

Better state control

Version 2 of WebForms Core introduces a Checksum mechanism and SHA256 algorithm to enhance data integrity and security. This feature enables the server to verify whether an Action Control has been executed by comparing checksum or hash values generated on the client side.

Client-side functions like SetHash and SetCheckSum compute and store the hash in a global array, while the server uses GetCheckSum (WebForms class) and HasHash (Fetch class) to validate the hash and make logical decisions. New PostBack settings—such as PostBackOptions.SendChecksum and PostBackOptions.ChecksumName—support transmitting checksums during form submissions.

Additional methods for cache and session management have also been added, allowing efficient data storage and retrieval.

New Hash and Checsum features for status control

Sending checksum of POST data

A new feature has been added in version 2 that calculates and sends the checksum when sending Post data. Enabling this option allows you to automatically calculate the checksum of the data when form data is sent to the server.

New settings in WebFormsJS

// Security
...
WebFormsOptions.SendChecksum = false;
WebFormsOptions.ChecksumName = "checksum";

The above settings determine that:

• WebFormsOptions.SendChecksum = false: This option specifies that the checksum is not sent when the form is submitted.
• WebFormsOptions.ChecksumName = "checksum": The name of the checksum field in the form data is set to “checksum”.

After the data is sent, we can calculate the checksum values ​​on the server.

Server code

using CodeBehind;
using System.Text.RegularExpressions;

public partial class ChecksumController : CodeBehindController
{
    public void PageLoad(HttpContext context)
    {
        var requestForm = context.Request.Form;

        string checksum = requestForm["checksum"];
        string requestBody = string.Join("&", requestForm.Select(x => $"{x.Key}={x.Value}"));

        string requestBodyWithoutChecksum = Regex.Replace(requestBody, "&?checksum=[^&]*", "");

        WebForms form = new WebForms();

        if (form.ChecksumCalculation(requestBodyWithoutChecksum) == checksum)
            form.Message("Checksum value is the same");

        Write(form.Response());
    }
}

The Controller class above does the following in order:

1. Gets all the values ​​from the POST request (the form sent from the client) with context.Request.Form.
2. Stores the value of the checksum parameter separately.
3. Converts the entire form to a string like "key1=value1&key2=value2&...".
4. Using Regex, removes the checksum parameter from this string.
5. Calls the ChecksumCalculation() method to calculate the actual checksum of the data.
6. If the calculated checksum is the same as the value sent, it outputs the message "Checksum is the same".
7. Finally, it returns the output with Write(form.Response()).

Note: On the server, you must remove the “&checksum=value” value and then compare the checksum result.

Verifying the previous state of the client

By using the new Hash or Checksum properties, the server can now determine whether the previous Action Control has been executed or not.

How ​​it works:

• Call the SetHash or SetCheckSum functions in the WebForms class on the server
  (These commands calculate the Hash and CheckSum for the Action Controls in WebFormsJS and then add them to a global Hash array.)
• Use the HasHash method in the Fetch auxiliary class on the server
  (By calling the condition section, the existence of the hash values ​​is checked.)

Note: The “ChecksumCalculation” function is available in the WebForms class on the server, but you can only obtain SHA256 through the server programming language functions.

• form.SetHash()
• form.SetChecksum()

Example:

Send data and save static Hash value

public static string StaticHashValue;
...
WebForms form = new WebForms();

form.AddTag("", "h3");
form.SetBackgroundColor("
", "blue");
form.SetHash();
StaticHashValue = SHA256(form.GetWebFormsData());

We can also use Checksum instead of Hash.

...
form.SetChecksum();
StaticHashValue = form.ChecksumCalculation(form.GetWebFormsData());
// or StaticHashValue = form.GetChecksum();

• First the form data is retrieved (form.GetWebFormsData()).
• Then a Hash (SHA256) or Checksum is calculated and stored in a variable (StaticHashValue).
• This value will be used later to check for changes.

Check Hash similarity

form.IsTrue(Fetch.HasHash(StaticHashValue));
form.Message("Hash value is the same");

• Fetch.HasHash(StaticHashValue) checks whether this Hash has already been registered.
• If it is true, the data has not changed and the Action Control has already been executed.
• Then an appropriate message can be displayed ("Hash value is the same").

When Checksums Are Useful

• Data Integrity: Ensures data received by the server matches what was sent by the client.
• Form Change Detection: Helps process only modified data.
• Duplicate Submission Prevention: Detects repeated submissions from user actions or browser behavior.
• Basic Security Layer: Provides lightweight protection against simple tampering or unauthorized changes.

When Checksums May Be Unnecessary

• HTTPS already secures data transmission.
• Very simple forms with minimal fields.
• No server-side validation or logic applied.

Rare Edge Cases to Consider

• Mismatch between UTF-8 (server) and UTF-16 (JavaScript charCodeAt) encoding.
• Text containing characters outside the Basic Multilingual Plane (e.g., emojis) may be decoded inconsistently.

Added ability to add cache and session directly

In version 2, four new methods have been added to the WebForms class on the server that allow cache management:

• AddCacheValue(Value, CacheKey)
• InsertCacheValue(Value, CacheKey)
• AddSessionCacheValue(Value, CacheKey)
• InsertSessionCacheValue(Value, CacheKey)

Example

form.AddCacheValue(Fetch.LoadUrl("https://dev.to/api/category-list"), "category-list");

The above code stores the list of categories in the key “category-list”.

Using

form.AddText("
2", Fetch.Cache("category-list"));

The above code shows how to use Cache.

Note: If you store data in “SessionCache”, you need to use the “Form.Saved” method to access its values.

Difference between Add and Insert in WebForms Core technology:

• If the key does not already exist, both insert new data.
• If the key already exists, the word “Add” at the beginning of the methods causes the data to be added, but the word “Insert” does not insert new data.

Feature Objectives

• Detect Execution: Identify whether a form action was performed.
• Validate Changes: Skip processing if no form changes occurred.
• Prevent Redundancy: Avoid handling duplicate submissions.
• Ensure Integrity: Confirm data consistency between client and server.
• Enhance Security: Provide basic protection against tampering.

Together, these features enable smarter, safer, and more efficient form handling in WebForms Core.