Cookies
A cookie is a small file which is stored on the visitor’s hard disk drive. This is helpful for storing small and trivial information. A cookie can have a maximum size of 4KB. The web server creates a cookie, attaches an additional HTTP header to the response, and sends it to the browser. The browser then creates this cookie on the visitor’s computer and includes it in all further requests made to the same domain. Servers can read the cookie value from the request and retain the state.
Note: The location where the cookie is stored is completely controlled by the browser. Sometimes it may keep the cookie in its memory instead of creating a file.
Creating and using a cookie is trivial in ASP.NET. The HttpCookie class is a key/value collection which allows storing string values. The following code shows how to create a cookie and send it to the client. Cookies are added using the Response property and retrieved using the Request property.
Response.Cookies["id"].Value = "10";
Since no expiry time is specified, a cookie added with the above method will be cleared by the browser as soon as the browser is closed. If you would like to keep the cookie for a long time, you have to set the HttpCookie.Expires property to an expiration date. The following code shows how to do that.
// this cookie expires one day after the date it is set.
// the browser takes care of removing cookies after the expiry time
Response.Cookies["id"].Value = "10";
Response.Cookies["id"].Expires = DateTime.Now.AddDays(1);
Once you set the cookie, the browser will include it in every request. You read the cookie from the Request.Cookies collection by specifying the cookie name. Consider the following code:
// for safety, always check for null as the cookie may not exist
if (Request.Cookies["id"] != null) {
    string userId = Request.Cookies["id"].Value;
    Response.Write("User Id value" + userId);
}
Cookies are managed by the browser, which takes care of removing expired cookies. If you need to remove a cookie before the expiry period, you have to create a cookie with the same name and with an expiry date that has already passed. This makes the browser treat the cookie as expired and remove it immediately. Here is how you do that:
Response.Cookies["id"].Expires = DateTime.Now.AddDays(-1);
Multi-valued Cookies
It is recommended that a browser should not store more than 20 cookies from a domain. A multi-valued cookie is very handy when you have more items to keep in a cookie. To create a multi-valued cookie, you instantiate an HttpCookie and set its values. Consider the following code:
HttpCookie cookie = new HttpCookie("user");
cookie["name"] = "ABC";
cookie["age"] = "22";
cookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(cookie);
To retrieve the values:
HttpCookie cookie = Request.Cookies["user"];
// for safety, always check for null. If the cookie doesn’t exist, it will be null
if (cookie != null) {
    string name = cookie["name"];
    string age = cookie["age"];
}
else {
    // the cookie does not exist
}
A Practical Example
You might have noticed the “Remember me next time” option on most websites. This is done using cookies. The following steps are involved when you choose this option:
* When the user checks the “Remember me next time” option, create a cookie with a value to identify the user (e.g. user id).
* When the page loads, check for cookie existence. If it exists, read the cookie value.
* Authenticate the value and create a session.
Pros and Cons
A cookie is a very handy and easily usable state management technique. It is useful when you want to keep small information that is needed for long periods of time. The processing overhead of cookies is much less compared to sessions. However, it has the following disadvantages:
* Cookies have a size limitation of 4KB.
* Storing huge information is not possible.
* Cookies can be easily tampered with as they are kept on the client’s machine, so additional security checking has to be done when using them.
* The user can disable cookies.
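One way to do the additional checking mentioned above for the “remember me” cookie, as an added example that is not part of the original article: the cookie value carries the user id and an expiry time plus an HMAC-SHA256 computed with a server-side key, so a value edited on the client fails validation. The RememberMeToken class, its token layout and the key parameter (a secret kept only on the server) are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: tamper-evident "remember me" cookie value.
// Token layout (an assumption of this example): userId|expiryTicksUtc|base64(HMAC-SHA256)
public static class RememberMeToken
{
    public static string Create(string userId, DateTime expiresUtc, byte[] key)
    {
        if (userId.IndexOf('|') >= 0) throw new ArgumentException("userId must not contain '|'");
        string payload = userId + "|" + expiresUtc.Ticks;
        return payload + "|" + Convert.ToBase64String(Sign(payload, key));
    }

    // Returns true only if the MAC matches and the token has not expired.
    public static bool TryValidate(string token, byte[] key, DateTime nowUtc, out string userId)
    {
        userId = null;
        if (string.IsNullOrEmpty(token)) return false;
        string[] parts = token.Split('|');
        if (parts.Length != 3) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        // Recompute the MAC over the received fields and compare before trusting them.
        byte[] expected = Sign(parts[0] + "|" + parts[1], key);
        if (!FixedTimeEquals(supplied, expected)) return false;
        long ticks;
        if (!long.TryParse(parts[1], out ticks) || nowUtc.Ticks > ticks) return false;
        userId = parts[0];
        return true;
    }

    private static byte[] Sign(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Compare without exiting early, so timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In a page, the token returned by Create would be assigned to Response.Cookies["id"].Value with the cookie's HttpOnly and Secure properties set to true, and TryValidate would be called on Request.Cookies["id"].Value before the session is created.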
Thanks for reading! Please give feedback and suggestions.
