Video: How Do I: Read, Write, and Delete Cookies in ASP.NET

In this video Chris Pels will show how to read, write, and delete cookies in an ASP.NET application. First, learn the basic operations for manipulating cookies. Then learn approaches to storing multiple values in a single cookie using name-value pairs called subkeys. Next, learn how to limit the scope of cookies to a particular application domain or folder. See how to modify values and expiration dates in existing cookies and how to delete an existing cookie. In addition, several considerations for using cookies are also discussed.

The following text is a software generated transcript of the video. Click on a minute link to jump to a location within the video


Minute 0

Of whole is just as this you will decreed use cookies in an ASP net website to get started recruiting website as many of you know the cookies are small pieces of text that you can associated with a website which are transferred down to the user s computer and stored on the hard disk when the user visits a page on the website cookies can be useless for storing small bits of information like identifiers for the user last date and time the user visits the website and other similar pieces of information score going to do is open up the code behind the default is checked page and I will head a page load event and in the page loaded and what we re going to do is demonstrate various way

Minute 1

He said you can t create and manipulate cookies on his website before you started looking at how to create and use cookies and should understand some of the limitations of cookies first is that they store relatively cited a relatively small amount of information up to 4096 bytes also most browsers limit the number of cookies associate with a particular website and that it is typically around 20 cookies and an overall there s a limit that the browser imposes on the number of cookies across all sites and that is about 300 cookies so consider those factors when you start to plan how to use cookies in association with your website and the lesson of cookies is that all the data is stored as text so it s available for access on the users computer so you would not one is thorny sensitive information in a cookie just information that helps identify a particular user or less visits the site

Minute 2

And other non critical information in case user musical key laws resides in their website as a way to send the cookie information down to the browser and back up to the server in a secure fashion but even though it s secured during the transition process the cookie is still stored as plain text when resized on the user s hard disk the first to look at it is having to write information to cookies and then have the cookie sent down to user s browser and hard disk and all the cookies are stored in a cookies collection which is in the response object so here on the page if we enter or use the response object will see there s a cookies collection and then there are two ways that we can add a cookie to the cookies collection one is tedious to explicitly declare the name of the cookie for example let s say this cookie is just what the daytime of a last visit so called a cookie a less

Minute 3

Visit and then in one of the properties of the cookie is value and wall sign to the value property the current daytime so will say and value date Time to now and we ll said it to strain because remember cookies always store information as a string value only other commonly used features of cookies is to set an expiration date in time for the cookie and the way you do that is to access the cookie and said to a particular proper property related to expiration so let s get at this cookie that we have here will sit response cookies last visit and then we can set the expired property and this is a deep time to innocent the sequel to date Time now add days

Minute 4

And a whole setback to want to look and happened here is his cookie called less is it will expire one day from the current time and as far as how this expiration works in that the data stored in the cookie down on the user s hard disk and then the next time that the brave the user opens up the browser and visits to this website browser looks at the expiration date of the cookie and if the data is passed then the browser would delete the cookie from the user s hard disk that is another approach to doing what we just did up above where we access the cookies collection directly and that is the creating instance of the cookie class so to mention a viable call cookie as a TTP cookie and tool set that equal to a new HDTV cookie and here we specify the name of the cookie in this case will call her last visit and I

Minute 5

Creates the cookie then we set the same properties that we set up a salute to go cookie value and will set that equal to the time that now to strength and will set the expires property and will set that too one day in the future said that one demo we need to do is to add this could lead to the cookies collection of response objects would just go response cookies Ed Pass in the cookie instance that we created and then this set of statements is equivalent to the first one where we access the cookie directly now you can store multiple cookies for these same user s vote will do is add a second cookie here will use the response object to cookies collection directly and what assorted

Minute 6

A user ID and the value and will set that let s say equal to 10 on the expire the same as the first cookie will say userid expires and we ll said that equal to take time to now at one day and so now we have two cookies down on the user s machine once storing the information for last visit and the other storing the userid number nothing to find is that if you store just one piece of information in a cookie you cannot use up the allotment of 20 cookies per website fairly quickly see contained image of another future of cookies that agents or multiple values in the same cookie or so called subkeys and to store last is a news for IT in subkeys we would do it as follows to take the response object cookies collection

Minute 7

And this time within in the cookie user data in memory going to implicitly access except accessing creosote key called last visit and will sign to that key date time now to string and then for the user ID week ago sponsors cookies same cookie user data but will do a different subkey and this will be user ID and so this one will sign a value of 10 and then we can set the expiration date to this single cookie say user data set to expire property equal to date time now and one day

Minute 8

Swivel head of days one and this would have a single cookie with the two values expiring one day from now and as you might see there is an advantage to soy multiple values in a cookie that genetically contains or packages them up and also he only had said the expiration date once in that expiration date applies to all buddy values and subkeys that reside in the cookie they can create this using other syntax up above so they came to mention a cookie call is cookie one as hate to keep the cookie equal to a new HDTV cookie and called its user data and then in cookie one values value but values and here we can set the less the visit

Minute 9

Equal to the the time to now to string and he said a few one that values user ID equal to 10 and we can set the expiration and will set that again can now and head one day and then we had that today to the response cookies collection head N Y at cookie one

Minute 10

Time used to request any page in the website whoever you can restrict what cookies are set to a particular part of the website and that s called scoping cookies and there s two ways that you can scope cookies the first is to scope a cookie to a particular path and many take one of them could easily create previously and it s just take this one here slam on 22 handle pasted down below and we ll change it from cookie one to cookie to and then lower going to do with this cookie to is going to set the path property that will restrict this cookie to a particular path on the website and just change it one more time now if we take cookie to them before we added over going to do is to

Minute 11

And cookie to him and what is said in the past property notice can be set to a physical path for virtual path underneath the website root so this particular case lets you set it to add men so one could happen here with cookie number two is that it s only visible to webpages in the admin folder and below so if the PHS requested by the user is in the admin folder they won t get cookie number to send back up to the server however if the page they re requesting his say in the root of the website or in another subfolder off the mood on the website they would not get a cookie to element of the ways you can scope of cookie is to domain slits take our cookie one will copy and pasted down below them and they just change that

Minute 12

From cookie and 12 23 and change all that and now what we can do is down here after he expires property to consider property called domain to cookie three will go to domain what you can do here is you can set the domain to a specific subdomain because by default whenever a user requests a page from on the website all the cookies for the entire domain are sent back up to the server that we set to domain it restricts it much in the same way that a particular path setting restricts what cookies are sent back so let s set the domain to support to my site com and in this case what can happen is that

Minute 13

And back up to the server if the page is associated with the subdomain support that my site com in this particular case were sitting in domain to a specific set of domain called support within my site com and we could also set the domain equal to just my site com and then that will restrict the cookie to the my site com domain and any subdomains that exists within my site com says a variation on using the domain property next with a look at her week cookies when they re sent from the user s browser or through the user s browser from their hard disk backup to the server in order to do that what once do a score ground to fall to its PX is putting in design mode and just at a label control so we have somewhere to put information is coming from the cookies so corned here will take a label drag and drop that contour design mode service for default is

Minute 14

Acts and will go back into the code that we have that label control the page in order to read the cookie it s pretty much the same as when we wrote the cookie so we ll just say if not and the cookies come up in the request object and a cookies collection and over doing here is testing to see first whether the cookie exists because he could been deleted down on the use of computer so get at the last is a cookie which we wrote previously an endless is not nothing then so in this case will no cookie exists and I will say label one tax and most signs that the value of request cookies last visited cut value which we have sort previously now a good practice since the cookie could have been

Minute 15

Peppered with between the time he wrote it and it coming back up to the server is for lower than it do is take this text that is stored inside the cookie and Windows server HTML encode and that will help prevent any malicious code from being executed here on our server and we can also do a very similar approach before by defining an actual instance of the cookie objects only does copy will head pasted down here and we ll get rid of this line and if we know the cookie exists them all we can do is we can to mention be cookie for in this case as an ATT PE cookie and we can set that equal to the request cookies last visit

Minute 16

Their religious change it to a capital L again and once we have that and we can take our label one text and we can set that equal to the server that HTML encode cookie for that value and that would be equivalent to the previous statement and we can also access the subkeys in much the same way that we wrote then some to say if not request cookies you will take the user data which we wrote down to supper users are just previously is nothing then once we know that cookie exists because a label one text equal to the server that HTML encode making glad to your requests

Minute 17

Is God user data and the subkey of last this is a hand close off with our final privacy so this would access the last visit subkey and we could access any other subkeys in a cookie in the same manner in addition to accessing the subkey value directly with you get added to the values property of the cookie and that property is actually a name value collection so we keep dementia local rival we could for example say to mention cookie collection equal to our other as a system collections specialized name value collection tooth at the request cookies get the user data cookie and then take the values

Minute 18

Opportunity than using a local variable which contains the subkeys with its a label one txt sequel to server HTML encode cookie collection and the nickname of these okay lets a last visit and that is just a different way to approach getting at the subkeys one other thing that you might want to do is modify the value or the expiration date of a cookie and you can actually take an existing cookie and modify either the value or the expiration date on which can do is create a new cookie of the same name change the value what expiration date and then add it to the cookies collection and it would overwrite the existing cookie so for example lets everyone to update the last visit cookie will be could do is we could say response

Minute 19

Cookies last visit and set the value it could set this to the current daytime so you could take a time now destroying and then we could say in response cookies last visit to expires set that equal to the time now Ed Davies one day from now and that would update in the last cookie value currently down on the users computer at deleting a cookie is actually very similar to modifying a cookie again you can directly access the cookie in the user s hard disk so what we could do is change the expiration date to at date prior to the current time

Minute 20

And then the browser would think that the time for expiration of the cookie had already passed and it would automatically delete it to do something like this same response cookies let s say we re going at the last visit cookie and expires property and we would set that equal to the time now Ed days and we would put a minus one which would make it one day earlier than at the current time and that would cause the browser to delete that particular cookie now stored as a teaser concern modification of subkeys is essentially writing a new value to the subkey so the case of user data last visit cookie while we would do is say response cookies user date

Click here to go to original video page