TempData can be quite useful. I often use it for Flash messages or passing simple things between requests.
However, the default implementation uses Session State and is called the SessionStateTempDataProvider. Session State is not exactly ideal for high performance web sites. In particular:
- Session state causes requests to be processed in a single-threaded manner
- Web farms require that Session State not be stored In Process and instead in a State Server or Database
These two issue make it pretty apparent that Session State should be avoided if at all possible.
With ASP.NET MVC you have the ability to configure the TempDataProvider and get rid of the Default implementation in Session State. I created a Cookied based TempData Provider. You can create a provider as long as it matches the ITempDataProvider interface.
One caution about this implementation! This data is not encrypted/decrypted. It is simply serialized binary data stored in Base64 encoding. As such, DO NOT store sensitive data in TempData with this provider.
You can view the source code here: