Skip to main content

Control State Protection

This option specifies whether the control state information passed to the client side is protected by encryption. Refer to the following help topic for more information: Callback State Encryption.


        <settings protectControlState="true" />
        <!-- ... -->


In order to use the DevExpress Web.config section, register this section group beforehand.

This option is enabled by default.


For security reasons we do not recommend you to set this option to false.

AJAX-enabled DevExpress web controls can coordinate their server and client-side representations by passing fragments of their state (callback state) to the client in response to client callbacks. This option allows you to specify whether or not the callback state should be encrypted.

DevExpress configuration section

Corresponding Class