HTTP which is extensively used in web
applications is a stateless protocol. To make a piece of information/data
persist between page requests, programmers have to write code in order to
achieve this. This is generally called state management. It can be done in two
ways:
- Client side
- Server side
Cookie is a client side state management
technique. A cookie is a small piece of information stored on the client side by
the server. This small information moves between the client and the server along
with the page requests and responses. That means a web server can read this
information when a client requests for a page.
Cookies are basically used to store user specific information. For example, the
last visit date time or user preferences etc
In this article We are going to create an asp.net web site and create two pages
:
- PageOne.aspx and
- PageTwo.aspx
On PageOne.aspx we will create a new cookie and
on the PageTwo.aspx, we will read cookie value.
As we have said that the server stores the cookie on client side, we can say
that the server achieves this through the RESPONSE object. Now we can create and
send a cookie to the client.
Creating a cookie :
On PageOne.aspx we have placed a TextBox and a button and on the click of the
button, we are going to store the value in the textbox in a cookie.
protected
void btnStoreCookie_Click(object
sender, EventArgs e)
{
Response.Cookies["Username"].Value =
txtUsername.Text;
Response.Cookies["Username"].Expires =
DateTime.Now.AddMinutes(5);
}
![Cookies in ASP.NET]()
The RESPONSE object has the Cookies collecton in which we can store the values,
the above given code creates a cookie "username" and stores the text box value
in it.
The expiration time is set to 5 minutes. After 5 minutes, the cookie gets
automatically deleted from the user's disk.
Retrieve a cookie value :
Now we will read a cookie value on PageTwo.aspx page. For every request, the
cookie is sent to the server from the client in a page request. So we can read
the cookie value using a RESPONSE object.
protected
void Page_Load(object
sender, EventArgs e)
{
if (Request.Cookies["Username"]
!= null)
{
Response.Write("The currently logged in
user is : " + Request.Cookies["Username"].Value);
}
else
{
Response.Write("No cookie found");
}
}
Now we test if we have created a cookie successfully on not!
Run the project to browse the PageOne.aspx page. Enter some value in the text
box and click the store cookie button.
Now close the browser. Run the project with PageTwo.aspx as a start page or
naviagate to PageTwo.aspx in the browser.
You will see the value that you stored into the cookie is shown.
![ASP.NET Cookies]()
Now, browse the PageTwo.aspx page after 5 minutes and you will see that the
cookie has been deleted. A cookie can be deleted explicitly. This can be done by
setting the expires property to a negative value
![Cookies]()
protected
void btnDeleteCookie_Click(object
sender, EventArgs e)
{
HttpCookie deleteCookie =
new HttpCookie("Username");
Response.Cookies.Add(deleteCookie);
deleteCookie.Expires = DateTime.Now.AddDays(-1);
}
Cookies are recommended only when the server needs to store a very small piece
of information on the client side.
This information should never be critical/personal/or some information that
should not be disclosed to intruders.
Also, the server code cannot always rely on the cookie information as the
cookies can also be deleted by the client.
Number of cookies that can be stored depends upon the browser. Also, the size of
cookies in a browser are generally limited to 4kb.