Cookies
Cookies are used in state management in web applications to store user-specific information.
A cookie is a small bit of text that can be read or written using the request and response objects. The cookie contains information the Web application can read whenever the user visits the site. As the user visits different sites, each site might send a cookie to the user's browser as well; the browser stores all the cookies separately. We can use cookies to store user preferences or other information. When the user visits our Web site another time, the application can retrieve the information it stored earlier. A cookie can store up to 4096 bytes.
Most browsers allow only 20 cookies per site; if we try to store more, the oldest cookies are discarded.
Writing Cookies
Cookies are sent to the browser via the HttpResponse object, which exposes a collection called Cookies. We can access the HttpResponse object as the Response property of our Page class. Any cookies that we want to send to the browser must be added to this collection. We can also set a cookie's expiration date and time.
// Method 1: set the values directly on the Cookies collection
Response.Cookies["TestCookie"].Value = "TestCookie";
Response.Cookies["TestCookie"].Expires = DateTime.Now.AddDays(1);
// Method 2: create an HttpCookie, set its properties, then add it
HttpCookie demoCookie = new HttpCookie("demoCookie");
demoCookie.Value = DateTime.Now.ToString();
demoCookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(demoCookie);
The example adds two cookies to the Cookies collection, one named TestCookie and the other named demoCookie. In the first method, the values are set directly on the Cookies collection. In the second method, we create an instance of an object of type HttpCookie, set its properties, and then add it to the Cookies collection via the Add method.
Reading Cookies
When a browser makes a
request to the server, it sends the cookies for that server along with the
request. In our ASP.NET applications, we can read the cookies using the HttpRequest object, which is
available as the Request property of our page class.
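// Read the value directly; HtmlEncode it because the client controls the content
if (Request.Cookies["TestCookie"] != null)
    lblCookie.Text = Server.HtmlEncode(Request.Cookies["TestCookie"].Value);
// Or fetch the HttpCookie object first, using the same name that was checked
if (Request.Cookies["TestCookie"] != null)
{
    HttpCookie demoCookie = Request.Cookies["TestCookie"];
    lblCookie.Text = Server.HtmlEncode(demoCookie.Value);
}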
Deleting Cookies
We cannot directly
remove a cookie because the cookie is on the user's computer. However, we can
have the browser delete the cookie for us. The technique is to create a new
cookie with the same name as the cookie to be deleted, but to set the cookie's
expiration to a date earlier than today.
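// The name must match the cookie being deleted exactly
HttpCookie demoCookie = new HttpCookie("demoCookie");
demoCookie.Value = DateTime.Now.ToString();
// An expiration date in the past tells the browser to discard the cookie
demoCookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(demoCookie);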
Advantages
1. Cookies do not require any server resources since they are stored on the
client.
2. Cookies are easy to implement.
3. You can configure cookies to expire when the browser session ends (session
cookies) or they can exist for a specified length of time on the client
computer (persistent cookies).
Disadvantages
1. Users can delete a cookie.
2. The user's browser can refuse cookies, so your code has to anticipate that
possibility.
3. Cookies exist as plain text on the client machine and they may pose a
possible security risk as anyone can open and tamper with cookies.
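Because of disadvantage 3, a value read back from a cookie should be treated as untrusted input. The following is an added example, not part of the original article: it attaches an HMAC-SHA256 tag to the value so the server can detect tampering. The class and method names (SignedCookieValue, Protect, Unprotect) and the sample values are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; SignedCookieValue and its members are hypothetical names.
static class SignedCookieValue
{
    // URL-safe base64 keeps '=', '+' and '/' out of the cookie value.
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Returns "b64url(value).b64url(HMAC-SHA256(value))" for use as HttpCookie.Value.
    public static string Protect(string value, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(value);
        using (var hmac = new HMACSHA256(key))
            return Enc(data) + "." + Enc(hmac.ComputeHash(data));
    }

    // Returns the original value, or null if the cookie is malformed or was modified.
    public static string Unprotect(string cookieValue, byte[] key)
    {
        string[] parts = (cookieValue ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] data, tag;
        try { data = Dec(parts[0]); tag = Dec(parts[1]); }
        catch (FormatException) { return null; }
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(data);
            int diff = tag.Length ^ expected.Length;   // constant-time comparison
            for (int i = 0; i < expected.Length && i < tag.Length; i++) diff |= tag[i] ^ expected[i];
            return diff == 0 ? Encoding.UTF8.GetString(data) : null;
        }
    }
    static void Main()
    {
        byte[] key = new byte[32];   // in a real application, load a persistent server-side secret
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string cookie = Protect("theme=dark", key);   // constructed sample value
        // Constructed tampering attempt: new value, old tag.
        string forged = Enc(Encoding.UTF8.GetBytes("theme=admin")) + cookie.Substring(cookie.IndexOf('.'));
        Console.WriteLine(Unprotect(cookie, key) ?? "(rejected)");
        Console.WriteLine(Unprotect(forged, key) ?? "(rejected)");
    }
}
```

Signing only detects modification; the value is still readable on the client, so secrets do not belong in it. In a page, the protected string would be assigned to the cookie's Value, and setting the HttpCookie's HttpOnly and Secure properties keeps it away from client script and off unencrypted connections.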