State Management Using Cookies

What are Cookies?

Cookies are nothing but a small pieces of information that are sent by the server and stored in the client's browser. This small piece of information about the user is then sent back by the browser in all subsequent requests to the same URL in the request message.

We can store anything in a cookie; a general example of cookie usage is to store the user preferences, password remembering, storing user options and so on.

Generally, cookies are stored in plain text files in the local disk of the user. Cookies can be accessed from anywhere in the application. Generally cookies are lost after the user closes the browser but we can also have cookies that will persist even after the browser is closed.

Cookies are mainly classified in the following two types:

  1. persistent
  2. non-persistant.

Persistent cookies

As the name itself suggests, these cookies remain persistant in the client's memory even after the browser is closed. They remain permanently in memory until they are explicitly removed or their expiration is reached.

Non-persistent cookies

These cookies do not remain in the client's memory and are lost after the browser is closed.

How to create cookies from code

Generally we use the HttpCookie class to create an instance of a cookie for that session, then add the values that we want to be included in the cookie as key-value pairs. The following code explains this more clearly.

HttpCookie userCookie = new HttpCookie("infoCookie");

userCookie["username"] = "Amogh";

userCookie["City"] = "Hyderabad";

userCookie["Country"] = "India";


//adding the cookie to the Response object. This will be sent to the client on first request from the client.


The example shown above is that of a NON-persistent cookie since it doesn't specify any expiration time for the cookie. If we add an expiration to the cookie object then the cookie will become a persistent cookie. Example code is shown below.

HttpCookie userCookie = new HttpCookie("infoCookie"); 

userCookie["username"] = "Amogh";

userCookie["City"] = "Hyderabad";

userCookie["Country"] = "India";


//adding an expiration to the cookie

userCookie.Expires = DateTime.Now.AddDays(1);


//adding the cookie to the Response object. This will be sent to  the client on first request from the client.



The “Expires” property of the HttpCookie object specifies that the cookie will expire after 1 day of its creation.

Reading values from a cookie

Values from a cookie can be read directly using the Request object of the current HttpContext.

HttpCookie infoCookie = Request.Cookies["infoCookie"];

string city = infoCookie["City"];

Accessing Cookies across domains

It is important to note that cookies are specific to that particular session and also that particular domain. Cookies cannot be shared or accessed across different domains for security purposes.

However, there is a possibility to share cookies across sub-domains. The prerequisite for that is the path where cookies where placed has to be accessible to both the sub-domains. For example, if you have two sub-domains and, then you can probably have the cookie path at
Advantages and disadvantages

The following are the advantages of cookies:

  • Very easy to use.
  • Browser takes care of sending and maintaining cookies from multiple sites

The following are the disadvantages of cookies:

  • Not secure since data is stored as plain text
  • Cookie size is limited to 4KB
  • Some browsers may not support cookies. So care needs to be taken when using cookies in code.

I hope this helps!!

Up Next
    Ebook Download
    View all
    View all