Cookies in asp.net

Cookies

Cookies are used in state management in web applications to store user-specific information.

A cookie is a small bit of text that can be read or write using request and response objects. The cookie contains information the Web application can read whenever the user visits the site. As the user visits different sites, each site might send a cookie to the user's browser as well; the browser stores all the cookies separately. We can use cookies to store user preferences or other information. When the user visits our Web site another time, the application can retrieve the information it stored earlier. Cookies stored up to 4096 bytes.

 Most browsers allow only 20 cookies per site; if we try to store more, the oldest cookies are discarded.

 Writing Cookies

Cookies are sent to the browser via the HttpResponse object that exposes a collection called  Cookies. We can access the HttpResponse object as the Response property of our Page class. Any cookies that we want to send to the browser must be added to this collection.We can also set a cookie's date and time expiration.

 Response.Cookies["TestCookie"].Value = "TestCookie";

Response.Cookies["TestCookie "].Expires = DateTime.Now.AddDays(1);
 HttpCookie demoCookie = new HttpCookie("demoCookie ");
demoCookie.Value = DateTime.Now.ToString();
demoCookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(demoCookie);

 The example adds two cookies to the Cookies collection, one named TestCookie and the other named demoCookie. In first the values of the Cookies collection are set directly. In second method we creates an instance of an object of type HttpCookie , sets its properties, and then adds it to the Cookies collection via the Add method.

 Reading Cookies

When a browser makes a request to the server, it sends the cookies for that server along with the request. In our ASP.NET applications, we can read the cookies using the HttpRequest object, which is available as the Request property of our page class.

 

if(Request.Cookies["TestCookie"] != null)
    lblCookie.Text = Server.HtmlEncode(Request.Cookies["TestCookie"].Value);
 if(Request.Cookies["TestCookie"] != null)
{
    HttpCookie demoCookie = Request.Cookies["TestCookie "];
    lblCookie.Text = Server.HtmlEncode(demoCookie.Value);
}

 Deleting Cookies

We cannot directly remove a cookie because the cookie is on the user's computer. However, we can have the browser delete the cookie for us. The technique is to create a new cookie with the same name as the cookie to be deleted, but to set the cookie's expiration to a date earlier than today.

 

HttpCookie demoCookie = new HttpCookie("demoCookie ");
demoCookie.Value = DateTime.Now.ToString();
demoCookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(demoCookie);

 Advantages 

1. Cookies do not require any server resources since they are stored on the client. 
2. Cookies are easy to implement. 
3. You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies). 


Disadvantages 
1. Users can delete a cookie. 
2. Users browser can refuse cookie, so your code has to anticipate that possibility. 
3. Cookies exist as plain text on the client machine and they may pose a possible security risk as anyone can open and tamper with cookies.

 

Ebook Download
View all
Learn
View all