I have a multi-step form which uses one model object, and I need to persist it between the steps. The object gets saved to the database only after the final step. I have seen people suggest using Html.Serialize, but how secure is this option?
Also, my model object will grow as the user fills in the form, which means the hidden form field with the serialized data will add to the size of my HTML output.
What's the best practice for this kind of situation?
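The security property at stake with a serialized model in a hidden field is integrity: the field comes back from the browser, so unless it is signed the user can edit any value in it (Html.Serialize in MVC Futures has a mode parameter that can sign and/or encrypt the payload; in plaintext mode the field is client-editable). The following is an added example, not code from the original post, of what the signed variant looks like when done by hand. It assumes .NET 6+ (static `HMACSHA256.HashData`, `CryptographicOperations.FixedTimeEquals`); the `WizardModel` class, the `SignedState` helper and the key parameter are invented for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

// Added example, not code from the original post. Assumes .NET 6+; WizardModel and the
// key parameter are invented here.
public sealed class WizardModel
{
    public string? Name { get; set; }
    public string? Email { get; set; }
    public decimal? Amount { get; set; }   // filled in by a later step: the payload grows as the wizard advances
}

public static class SignedState
{
    // Token layout: base64url(json) "." base64url(HMAC-SHA256(key, json)).
    public static string Protect(WizardModel model, byte[] key)
    {
        byte[] payload = JsonSerializer.SerializeToUtf8Bytes(model);
        byte[] mac = HMACSHA256.HashData(key, payload);
        return B64UrlEncode(payload) + "." + B64UrlEncode(mac);
    }

    public static bool TryUnprotect(string token, byte[] key, out WizardModel? model)
    {
        model = null;
        int dot = token.IndexOf('.');
        if (dot <= 0 || dot == token.Length - 1) return false;
        byte[] payload, mac;
        try
        {
            payload = B64UrlDecode(token[..dot]);
            mac = B64UrlDecode(token[(dot + 1)..]);
        }
        catch (FormatException) { return false; }

        // Constant-time compare: an early-exit byte loop would leak how much of a forged MAC is right.
        byte[] expected = HMACSHA256.HashData(key, payload);
        if (!CryptographicOperations.FixedTimeEquals(expected, mac)) return false;

        // Only verified bytes reach the deserializer; malformed JSON is still rejected rather than thrown.
        try { model = JsonSerializer.Deserialize<WizardModel>(payload); }
        catch (JsonException) { return false; }
        return model != null;
    }

    private static string B64UrlEncode(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static byte[] B64UrlDecode(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = (b64.Length % 4) switch { 2 => b64 + "==", 3 => b64 + "=", _ => b64 };
        return Convert.FromBase64String(b64);   // throws FormatException on bad length or characters
    }
}

public static class Demo
{
    public static void Main()
    {
        // Per-deployment secret; generated here only so the example runs. Load it from configuration in real code.
        byte[] key = RandomNumberGenerator.GetBytes(32);

        string token = SignedState.Protect(new WizardModel { Name = "Alice" }, key);
        Console.WriteLine(SignedState.TryUnprotect(token, key, out var ok) ? $"accepted: {ok!.Name}" : "rejected");

        // The client edits one character of the payload but cannot recompute the MAC without the key.
        string tampered = (token[0] == 'e' ? 'f' : 'e') + token[1..];
        Console.WriteLine(SignedState.TryUnprotect(tampered, key, out _) ? "accepted" : "rejected (tampered)");
    }
}
```

Signing gives integrity only: the user can still read everything in the payload, so if the accumulated state contains anything they should not see, encrypt it as well (ASP.NET Core's `IDataProtector.Protect` does both). If replaying an old token matters, put a timestamp or a session binding inside the signed payload. This approach also makes the size concern from the question concrete: the whole token is round-tripped on every step, so it grows with the model; storing the state server-side trades that bandwidth for server memory.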
I've used TempData for this purpose.
You can store an object (a copy of your model data) in TempData and use it in the next request. If it is not set back in the next request, it will be "destroyed", so you do not have to worry about it filling up your session.
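A wizard built on the behaviour this answer describes, as an added example that is not the answer's own code: a normal read of a TempData entry marks it for removal after the request, so each POST either sets the entry back (to carry it to the next step) or calls `Keep` (when redisplaying a form with errors), while GET actions use `Peek` so a page refresh does not lose the state. It assumes ASP.NET MVC 5 (`System.Web.Mvc`); `OrderWizardModel`, the per-step input classes, `IOrderRepository` and the view names are invented for the illustration.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Added example, not the answer's own code. Assumes ASP.NET MVC 5; the model, input
// classes, repository and view names are invented.
[Serializable]  // TempData's default provider keeps the object in Session; an out-of-process session store needs this
public class OrderWizardModel
{
    public string CustomerName { get; set; }
    public string Email { get; set; }
    public string ShippingAddress { get; set; }
}

public class Step1Input
{
    [Required] public string CustomerName { get; set; }
    [Required, EmailAddress] public string Email { get; set; }
}

public class Step2Input
{
    [Required] public string ShippingAddress { get; set; }
}

public interface IOrderRepository { void Save(OrderWizardModel order); }

public class OrderWizardController : Controller
{
    private const string StateKey = "OrderWizard";
    private readonly IOrderRepository _orders;

    // Resolved by whatever DependencyResolver the application registers.
    public OrderWizardController(IOrderRepository orders) { _orders = orders; }

    [HttpGet]
    public ActionResult Step1() { return View(new Step1Input()); }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Step1(Step1Input input)
    {
        if (!ModelState.IsValid) return View(input);
        // Store a copy built from the validated fields, not the bound input object itself.
        TempData[StateKey] = new OrderWizardModel { CustomerName = input.CustomerName, Email = input.Email };
        return RedirectToAction("Step2");
    }

    [HttpGet]
    public ActionResult Step2()
    {
        // Peek reads without marking the entry for removal, so refreshing this page keeps the state.
        var state = TempData.Peek(StateKey) as OrderWizardModel;
        if (state == null) return RedirectToAction("Step1");   // expired, or the user jumped ahead
        return View(new Step2Input());
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Step2(Step2Input input)
    {
        var state = TempData[StateKey] as OrderWizardModel;   // a normal read marks the entry for removal
        if (state == null) return RedirectToAction("Step1");
        if (!ModelState.IsValid)
        {
            TempData.Keep(StateKey);   // redisplaying the form: retain the entry for one more request
            return View(input);
        }
        state.ShippingAddress = input.ShippingAddress;
        TempData[StateKey] = state;    // setting it back makes it available to the next request again
        return RedirectToAction("Confirm");
    }

    [HttpGet]
    public ActionResult Confirm()
    {
        var state = TempData.Peek(StateKey) as OrderWizardModel;
        if (state == null) return RedirectToAction("Step1");
        return View(state);
    }

    [HttpPost, ValidateAntiForgeryToken, ActionName("Confirm")]
    public ActionResult ConfirmPost()
    {
        var state = TempData[StateKey] as OrderWizardModel;   // final read: TempData drops the entry after this request
        if (state == null) return RedirectToAction("Step1");
        _orders.Save(state);   // the only point at which anything reaches the database
        return RedirectToAction("Done");
    }
}
```

Two caveats worth knowing. TempData's default provider is backed by Session, so the entry is only "not filling up your session" because it is removed after the next read; a user who abandons the wizard halfway leaves it there until the session expires. And unlike a hidden field, the state never leaves the server, so the client cannot edit it; the `if (state == null)` checks handle expiry and users who jump to a later step by URL, not tampering.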
Think about your controller as a state machine where every action is a step in the wizard. The persistence between steps is not a big deal anyway; it is a simple POCO used as a DTO or command, which is going to be sent to your domain interface for validation and processing. You can store it in your IoC, Session, Cache, file system... I hope you get it. Keep it simple and clean.
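The state-machine idea from this answer, written out as an added example that is not the answer's own code: the per-step storage is hidden behind an interface (so Session, a cache or the file system can sit behind it), each step checks that the previous steps were actually accepted before it runs, and the whole command is validated once more before it is handed to the domain and persisted. It assumes .NET 6+; `WizardStep`, `SignupCommand`, `IWizardStore`, `InMemoryWizardStore` and `SignupWizard` are names invented for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Added example, not the answer's own code. Assumes .NET 6+; all type names are invented.
public enum WizardStep { Account = 1, Profile = 2, Review = 3 }

// The POCO that accumulates over the steps and is handed to the domain as a command at the end.
public sealed class SignupCommand
{
    [Required, EmailAddress] public string? Email { get; set; }
    [Required, MinLength(12)] public string? Password { get; set; }
    [Required] public string? DisplayName { get; set; }
    [Required, Range(13, 120)] public int? Age { get; set; }
    public WizardStep CompletedThrough { get; set; }   // last step the server accepted; 0 = none yet
}

// Whatever backs this (Session, a cache, the file system) is invisible to the state machine.
public interface IWizardStore
{
    SignupCommand? Load(string wizardId);
    void Save(string wizardId, SignupCommand state);
    void Remove(string wizardId);
}

public sealed class InMemoryWizardStore : IWizardStore
{
    private readonly Dictionary<string, SignupCommand> _items = new();
    public SignupCommand? Load(string id) => _items.TryGetValue(id, out var s) ? s : null;
    public void Save(string id, SignupCommand state) => _items[id] = state;
    public void Remove(string id) => _items.Remove(id);
}

public sealed class SignupWizard
{
    private readonly IWizardStore _store;
    public SignupWizard(IWizardStore store) => _store = store;

    // A step may be entered only if every earlier step was accepted. A user who bookmarks or
    // guesses the URL of a later step is sent back rather than allowed to skip its validation.
    public bool CanEnter(string id, WizardStep step)
    {
        var completed = _store.Load(id)?.CompletedThrough ?? default;
        return (int)step <= (int)completed + 1;
    }

    public bool SubmitAccount(string id, string email, string password)
    {
        if (!CanEnter(id, WizardStep.Account)) return false;
        var state = _store.Load(id) ?? new SignupCommand();
        state.Email = email;
        state.Password = password;
        Advance(id, state, WizardStep.Account);
        return true;
    }

    public bool SubmitProfile(string id, string displayName, int age)
    {
        if (!CanEnter(id, WizardStep.Profile)) return false;
        var state = _store.Load(id)!;   // CanEnter guarantees step 1 was stored
        state.DisplayName = displayName;
        state.Age = age;
        Advance(id, state, WizardStep.Profile);
        return true;
    }

    // Final step: validate the whole command once more before it leaves the web layer.
    public IReadOnlyList<string> Complete(string id, Action<SignupCommand> persist)
    {
        var errors = new List<string>();
        if (!CanEnter(id, WizardStep.Review)) { errors.Add("steps completed out of order"); return errors; }
        var state = _store.Load(id)!;
        var results = new List<ValidationResult>();
        if (!Validator.TryValidateObject(state, new ValidationContext(state), results, validateAllProperties: true))
        {
            foreach (var r in results) errors.Add(r.ErrorMessage ?? "invalid");
            return errors;
        }
        persist(state);      // only now does anything reach the database
        _store.Remove(id);   // and the per-user state is gone, whatever backed it
        return errors;
    }

    private void Advance(string id, SignupCommand state, WizardStep step)
    {
        if (step > state.CompletedThrough) state.CompletedThrough = step;   // going back never "un-completes" later steps
        _store.Save(id, state);
    }
}

public static class Demo
{
    public static void Main()
    {
        var wizard = new SignupWizard(new InMemoryWizardStore());   // stand-in for Session or a cache
        const string id = "sess-42";   // constructed; in MVC use the session id or a per-wizard GUID
        Console.WriteLine($"can jump to review: {wizard.CanEnter(id, WizardStep.Review)}");
        wizard.SubmitAccount(id, "alice@example.com", "correct horse battery");
        wizard.SubmitProfile(id, "Alice", 34);
        var errors = wizard.Complete(id, cmd => Console.WriteLine($"persisted {cmd.Email}"));
        Console.WriteLine(errors.Count == 0 ? "done" : string.Join("; ", errors));
    }
}
```

The `CanEnter` guard is the part that matters for security: without it, a user who learns the URL of the final step can submit a half-filled command, and the only thing standing between that and the database is whatever the last action happens to re-check. Validating the aggregate in `Complete` covers the other gap, where an earlier step was accepted against input that a later step has since made inconsistent. The in-memory store is just the simplest `IWizardStore`; a Session-backed one is a few lines wrapping `HttpSessionStateBase`.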