Developers who are new to programming for the web always have difficulty understanding the problem of maintaining state. The HTTP protocol, the fundamental protocol of the World Wide Web, is a stateless protocol. What this means is that from a web server’s perspective, every request is from a new user. The HTTP protocol does not provide you with any method of determining whether any two requests are made by the same person.
A cookie is nothing more than a little bit of text. You can store only string values when using a cookie. You actually can create two types of cookies: session cookies and persistent cookies. A session cookie exists only in memory. If a user closes the web browser, the session cookie disappears forever. A persistent cookie, on the other hand, can last for months or even years.
Cookie Security Restrictions
All cookies are domain-relative. If the Amazon website sets a cookie, then the Barnes and Noble website cannot read the cookie. When a browser creates a cookie, the browser records the domain associated with the cookie and doesn’t send the cookie to another domain.
The other important restriction that browsers place on cookies is a restriction on size. A single domain cannot store more than 4096 bytes. This size restriction encompasses the size of both the cookie names and the cookie values.
Finally, most browsers restrict the number of cookies that can be set by a single domain to no more than 20 cookies (but not Internet Explorer). If you attempt to set more than 20 cookies, the oldest cookies are automatically deleted.
Creating Cookies
You create a new cookie by adding a cookie to the Response.Cookies collection.
protected void Button_Click(object sender, EventArgs e)
{
    Response.Cookies["Message"].Value = txtCookieValue.Text;
}
This code creates a new session cookie named Message.
Response.Cookies["counter"].Expires = DateTime.Now.AddYears(2);
When you set a particular expiration date for a cookie, the cookie is stored as a persistent cookie.
Reading Cookies
You use the Response.Cookies collection to create and modify cookies. You use the Request.Cookies collection to retrieve a cookie’s value.
if (Request.Cookies["message"] != null)
    lblCookieValue.Text = Server.HtmlEncode(Request.Cookies["message"].Value);
Setting Cookie Properties
Cookies are represented with the HttpCookie class. When you create or read a cookie, you can use any of the properties of this class:
. Domain—Enables you to specify the domain associated with the cookie. The default value is the current domain.
. Expires—Enables you to create a persistent cookie by specifying an expiration date.
. HasKeys—Enables you to determine whether a cookie is a multivalued cookie.
. HttpOnly—Enables you to prevent a cookie from being accessed by JavaScript.
. Name—Enables you to specify a name for a cookie.
. Path—Enables you to specify the path associated with a cookie. The default value is /.
. Secure—Enables you to require a cookie to be transmitted across a Secure Sockets Layer (SSL) connection.
. Value—Enables you to get or set a cookie value.
. Values—Enables you to get or set a particular value when working with a multivalued cookie.
Deleting Cookies
The method for deleting cookies is not intuitive. To delete an existing cookie, you must set its expiration date to a date in the past.
Response.Cookies[txtCookieName.Text].Expires = DateTime.Now.AddDays(-1);
Working with Multivalued Cookies
According to the cookie specifications, browsers should not store more than 20 cookies from a single domain. You can work around this limitation by creating multivalued cookies. A multivalued cookie is a single cookie that contains subkeys. You can create as many subkeys as you need.
Response.Cookies["preferences"]["firstName"] = txtFirstName.Text;
Response.Cookies["preferences"]["lastName"] = txtLastName.Text;
You can use the HttpCookie.HasKeys property to detect whether a cookie is a normal cookie or a multivalued cookie.
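The properties and operations described above can be combined so that every cookie is created with HttpOnly and Secure set, read with a check for a missing cookie, and deleted by expiring it. The following is an added example, not code from the original page; the class CookieHelper and its method names are assumptions made for illustration.

```csharp
using System;
using System.Web;

// Hypothetical helper: CookieHelper and its method names are assumptions for this example.
public static class CookieHelper
{
    // Creates a cookie that JavaScript cannot read and that is sent only over SSL.
    // A null expires gives a session cookie; a date gives a persistent cookie.
    public static void Set(HttpResponse response, string name, string value, DateTime? expires)
    {
        var cookie = new HttpCookie(name, value)
        {
            HttpOnly = true,   // not accessible from JavaScript
            Secure = true,     // transmitted only across an SSL connection
            Path = "/"         // the default, stated explicitly
        };
        if (expires.HasValue)
            cookie.Expires = expires.Value;
        response.Cookies.Add(cookie);
    }

    // Returns the cookie value, or null when the browser did not send the cookie.
    public static string Get(HttpRequest request, string name)
    {
        HttpCookie cookie = request.Cookies[name];
        return cookie == null ? null : cookie.Value;
    }

    // Returns one subkey of a multivalued cookie, or null if the cookie is missing or normal.
    public static string GetSubkey(HttpRequest request, string name, string subkey)
    {
        HttpCookie cookie = request.Cookies[name];
        if (cookie == null || !cookie.HasKeys)
            return null;
        return cookie.Values[subkey];
    }

    // Deletes a cookie by sending a replacement whose expiration date is in the past.
    public static void Delete(HttpResponse response, string name)
    {
        var expired = new HttpCookie(name, string.Empty)
        {
            Secure = true,
            Path = "/",
            Expires = DateTime.Now.AddDays(-1)
        };
        response.Cookies.Add(expired);
    }
}
```

A value returned by Get or GetSubkey comes from the browser, so pass it through Server.HtmlEncode before assigning it to a control such as a Label.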