hidden field vs viewstate
ViewState is stored in a hidden field and it contains information about the entire page. It can also be encrypted. Because the view state is always sent to the codebehind when performing Postbacks it is very practical as you always get the values. The drawback is that it can get really large if you start putting much information inside it and performance could start to suffer. For example in some AJAX requests you want to only send some small information to the server and if you used UpdatePanels the entire ViewState will be sent and it will contain information that is not necessary.
A hidden field can be viewed in a pages HTML source whereas ViewState is, to say the least, obfuscated and depending on your .net version, can be encrypted to varying degrees.
Hidden field will be better in performance but provides no security and if the post data can be manipulated, be a lot easier to change the ViewState.
Session variables are a good alternative to these.
ViewState internally uses hidden field. It is managed by ASP.NET Engine and is encrypted by default.
On the other hand, with hidden field control, you get to manage what is stored in it. By default, it's not encrypted.
Performance wise, both are same. But, I feel ViewState is more secure. ASP.NET maintains its hash to prevent/identify any tampering with it client side.
You can also use session to store data.