ASP. NET Cookie: No problem

ASP. NET Cookie: common session Status

We are so accustomed to the concept of session state that we forgot that session state was introduced by Active Server Pages (ASP) in 1997. The session status enables developers to persistently save a piece of information about the user during the period during which the user interacts with the application. User-specific information is usually retained for a period of 20 minutes, and the timer starts every time the user returns to the site.

When a user connects to the site for the first time, a new session state will be created in the form of a memory block to store data. At the same time, an ID is also created to uniquely associate it with the current user. When a request is sent, the user is requested to submit the session ID to retrieve and correctly restore the session status. Session ID is a fully-self-generated alphanumeric string between ASP and ASP. NET. How do users manage it and ensure that it is packaged with every subsequent request?

ASP. NET Cookie: Origin and Benefits

The nature of the HTTP protocol is stateless and no one attempts to change it. Almost two decades ago, when Netscape Corporation developed its first browser, it "invented" a persistence mechanism that works over HTTP. It calls it an HTTP Cookie. Interestingly, the term "Cookie" in the computer science industry only represents an opaque piece of data held by an application, which affects users but will never be directly managed by users.

Therefore, the Cookie stores the session ID, while the browser moves the content back and forth between the Web server and the computer of the local user. When a browser with cookies enabled receives a response packet, it searches for additional cookies and stores their content in a text file in a specific folder in the local Windows directory. The Cookie also contains information about the source site. Next, when the browser sends a request to the site, it searches for the Cookie from the domain in the Cookie folder. If yes, the Cookie is automatically appended to the outgoing data packet. The Cookie hits the server application and is detected, extracted, and processed here.

In the end, cookies make Web sites easier to navigate, because they provide the illusion of continuity that inevitably spans multiple requests over the user experience.

ASP. NET Cookie: dangerous program?

For many years, cookies have only been regarded as a technical feature and are largely ignored. A few years ago, the wave around the world targeting Web security focused on cookies. Cookies are determined to contain dangerous programs that can even steal valuable information beyond the physical boundaries of computers.

It is self-evident that cookies are not programs and therefore cannot collect any information on their own-not to mention any personal information about users. More clearly, cookies are a piece of text that can be stored on users' computers for future retrieval and reuse. The stored information is composed of harmless name-value pairs.

The point is that cookies are not part of the standard HTTP specification, so they mean a collaboration between browsers and Web sites. Not all browsers support cookies, and more importantly, not all users enable Cookie support in their own browser copies.

In history, some Web site functions are so closely related to cookies that it is difficult to tell which function is the first to appear. On the one hand, it is much easier to use cookies to encode session Status management and user identity authentication. On the other hand, if you observe the statistics related to the browser used to access the page, you may be surprised to find that a considerable number of users disable cookies during connection. This will inspire developers.

All in all, cookies are not a problem, but their use undoubtedly gives some server code the ability to store a piece of data in the client computer. This indicates some potential security risks and an unsatisfactory overall situation. In some cases and in some countries, applications require cookies to work or even be illegal .)

1. Session and Cookie of ASP. NET form
2. Cookieless attribute in ASP. NET
3. Determine whether the browser accepts cookies in ASP. NET.
4. Introduction to cookie read/write methods in ASP. NET
5. Overview of ASP. NET cookie operations