Quick Overview:
The blog aids you in discovering the fundamentals of ASP net core cookies, by offering a brief definition, and insight into properties. In addition, a practical implementation of cookies is also provided, enabling one to understand the configuration for cookie read, write, and delete operations.

Cookies in ASP.NET

Cookies are used to make the user experience more seamless by remembering the preferences, mail addresses, and all such similar details. For a .NET application, cookies are considered a crucial component. They help in improving the overall functioning and processing of user-specific information.

To help you with cookies in ASP.NET, we have provided a brief overview of its essential factors. It’ll help you read, write, and delete the cookies most appropriately.

What are Cookies in ASP.NET?

Cookies are generally small files sent by the server and saved on the client’s device. It helps the machine to remember some crucial details, such as email ID, selected preferences, phone number, and more. Additionally, sometimes cookies are utilized to retain the webpage state and ensure a seamless experience for each end-user.

In ASP.NET, two primary types of cookies are utilized, namely persistent and non-persistent cookies. In persistent cookies, an expiration timer is configured, which enables the cookies to remain saved even after a browser session is closed. However, once the timer is expired, persistent cookies will also get deleted automatically.

Further, non-persistent cookies are quite the opposite. As soon as the browser or session is terminated, such cookies are deleted on the spot. It depends on the application requirements to use any of the cookies in a .NET application. However, to configure cookies correctly, you should understand the right procedure for using cookies in ASP.NET Core.

The Pros and Cons of ASP.NET Core Cookies

Following are the primary pros and cons of cookies in ASP.NET.

Pros of ASP.NET Cookies

  • It helps store user preferences, which reduces the effort of setting up the webpage according to specific needs.
  • The data accessing mechanism is optimized, enhancing the performance.
  • The user can read the data, as the information in the cookie is in clear text format.

Cons of ASP.NET Cookies

  • If the cookies are breached, the attacker can steal stored information as it’s in clear text format.
  • The requests sometimes can become heavier as cookie details are integrated into each request.
  • The cookie is limited to only 4096 bytes and 20 cookies per website.

The Properties of Cookies in ASP.NET

While implementing the cookies in the ASP.NET application, the following properties are configured. You should understand all the mentioned factors to ensure that cookies work appropriately and efficiently.

1: Domain: the domain name is defined under this property. It’s the domain to which you want to associate the cookies with.

2: Secure:  All the cookies are insecure by default. If an attacker captures a cookie, it can lead to viewing and reading the information included in it. However, by making the secure property true, the HTTPS protocol is utilized to transfer cookies from server to client through an encrypted channel.

3: Value: Value is used for cookie manipulation purposes. It completely depends on the app’s needs, and a .NET developer can easily configure this property accordingly. In addition, it is used mostly to configure the get and set cookie values method.

4: Expires: The term signifies the expiration time and date of a cookie. You can set this value to ensure that a cookie is retained even after the website session is terminated. Also, the cookies will be deleted after the expiration value is matched.

5: Values: It functions similarly to the “Value” property mentioned above. However, it utilizes the key-value pair for manipulation purposes.

6: HasKeys: It can be only used in case of a subkey. If a subkey is available, the value will be true; otherwise, it will be false.  

7: Name: This property is used to define the cookie name. It’s stored at a default path, i.e., “/” or the root directory.

8: Path: The virtual path is defined, which is submitted with the ASP.NET cookie. It limits the cookie scope and ensures that it’s stored and processed through the defined folder.

A Practical Guide To HTTP Cookies in ASP.NET

As ASP.NET is a Microsoft technology, you should follow the steps provided in the official documentation to read, write, and delete the cookie. Below, you can find the configuration of all three operations upon HTTP cookies in ASP Net.

1: Writing a cookie in ASP.NET Application

To write a cookie, follow the below steps.

Step 1: Define an object for the “HttpCookie”.

Step 2: Configure the cookie properties and subkey values according to requirement.

Step 3: Define the cookie under the “Cookies” collection.

Dim myCookie As HttpCookie = New HttpCookie("UserSettings")
myCookie("Font") = "Arial"
myCookie("Color") = "Blue"
myCookie.Expires = Now.AddDays(1)

2: Reading a cookie in ASP.NET Application

To read the cookie, you need a minimum of an ASP.NET web page. You can execute the steps below.

Step 1: Use the key as the cookie’s name and read the “Cookies” string.

Step 2: Refer to the following code.

If (Request.Cookies("UserSettings") IsNot Nothing) Then
    Dim userSettings As String
    If (Request.Cookies("UserSettings")("Font") IsNot Nothing) Then
        userSettings = Request.Cookies("UserSettings")("Font")
    End If
End If

3: Deleting a cookie in ASP.NET Application

To delete a cookie, you have to define its expiration using the following process.

Step 1: Ensure that the cookie already exists. If not, create one and move forward.

Step 2: Configure the cookie expiration date to a time.

Step 3: Define the cookie under the “Cookies” collection object.

If (Not Request.Cookies("UserSettings") Is Nothing) Then
    Dim myCookie As HttpCookie
    myCookie = New HttpCookie("UserSettings")
    myCookie.Expires = DateTime.Now.AddDays(-1D)
End If

Wrapping Up

Cookies are used to store the details specific to a user and are stored on the client device only. Mainly, ASP.NET enables the implementation of only persistent and non-persistent cookies. The only difference between the two is the expiration timer. Also, while implementing cookie functionality, you get the benefit of defining multiple properties, such as value, domain, security, and more, aiding in manipulating cookie usage per need. Thus, the HTTP cookie in ASP Net is quite flexible and easy to define.

Parag Mehta

Verified Expert in Software & Web App Engineering

Parag Mehta, the CEO and Founder of Positiwise Software Pvt Ltd has extensive knowledge of the development niche. He is implementing custom strategies to craft highly-appealing and robust applications for its clients and supporting employees to grow and ace the tasks. He is a consistent learner and always provides the best-in-quality solutions, accelerating productivity.

Related Posts