product and submit this in its place

■

If all else fails, you can attempt to attack the server-side logic that will

One commonly encountered mechanism for transmitting opaque data via the

client is the ASP.NET ViewState. This is a hidden field that is created by default

in all ASP.NET web applications, and contains serialized information about

the state of the current page. The ASP.NET platform employs the ViewState to

enhance server performance — it enables the server to preserve elements

within the user interface across successive requests without needing to main-

tain all of the relevant state information on the server side. For example, the

server may populate a drop-down list on the basis of parameters submitted by

the user. When the user makes subsequent requests, the browser does not

 submit the contents of the list back to the server. However, the browser does

submit the hidden ViewState field, which contains a serialized form of the list.

The server deserializes the ViewState and recreates the same list that is pre-

sented back to the user again.