Use of cookies in Asp.net

ArticleDirectory

• 12.2.2 use of cookies
• 12.2.3 cookie Summary

Cookie is a Web applicationProgramIt provides a useful method to save user information. For example, when a user accesses a site, the cookie can be used to save user preferences or other information. In this way, the application can retrieve the previously saved information when the user visits the site next time.

Technically speaking, cookies are data stored on the client in a short segment (if you have installed XP, You can see <install Windows disk>: \ Documents and Settings \ <User Name> \ cookies folder ). When a user accesses a website, the website will give the user a cookie containing the expiration time. After receiving the cookie, the browser stores the cookie in the client folder. When a user accesses a website page, the browser checks the local cookie folder Based on the website URL to check whether the cookie associated with the current website exists. If yes, the browser sends the cookie to the server along with the page request.

You need to know the following about cookies.

· Cookie is a string and cannot be executed.

· Most browsers require that the cookie size not exceed 4 kb, each site can store no more than 20 cookies, and the total number of Cookies stored on all sites cannot exceed 300.

· In addition to cookies, there are almost no other methods to write data on the client machine (even the cookie write operation is performed by the browser ). Of course, even cookies can be disabled through browser security configuration. If you use IE, you can check the "Tools"> "Internet" Options> "privacy" page. Most websites now use cookies to save some data (such as your ID) so that you can directly "continue" the previous configuration when visiting the website, therefore, we recommend that you do not close cookies easily.

When using cookies, you must be aware of the inherent security vulnerabilities. After all, cookies are stored on the client. Therefore, do not store confidential information such as the user name, password, and credit card number in cookies. Do not save content that should not be controlled by users in cookies, or that may be controlled by others who steal cookies.

12.2.2 use of cookies

Next, we will discuss how to save, read, delete, and modify cookies. First, add four buttons on the page to complete these four operations.

<Asp: button id = "btn_savecookie" runat = "server" onclick = "btn_savecookie_click"

TEXT = "Save cookie"/>

<Asp: button id = "btn_readcookie" runat = "server" text = "read cookie"

Onclick = "btn_readcookie_click"/>

<Asp: button id = "btn_modifycookie" runat = "server" onclick = "btn_modifycookie_click"

TEXT = "Modify cookie"/>

<Asp: button id = "btn_delcookie" runat = "server" text = "delete cookie"

Onclick = "btn_delcookie_click"/>

The method for saving the cookie is as follows.

Protected void btn_savecookie_click (Object sender, eventargs E)

{

Httpcookie singlevaluecookie = new httpcookie ("test1", "single-value cookie ");

Singlevaluecookie. expires = datetime. Now. adddays (1 );

Response. Cookies. Add (singlevaluecookie );

Httpcookie multivaluecookie = new httpcookie ("Test2 ");

Multivaluecookie. Values. Add ("key1", "value1 ");

Multivaluecookie. Values. Add ("key2", "value2 ");

Multivaluecookie. expires = datetime. Now. adddays (1 );

Response. Cookies. Add (multivaluecookie );

}

We can see that a cookie can save a single value or multiple values. The httpcookie type indicates a cookie. The expires attribute is used to modify the cookie expiration time. For a single-value cookie, you can specify a value directly in the constructor or use the value attribute to specify a value. For multi-value cookies, you can use the add method of the values attribute to add sub-keys and values, or directly use the index of the values attribute to set sub-keys and values. The above sectionCodeIt is equivalent to the following code.

Protected void btn_savecookie_click (Object sender, eventargs E)

{

Httpcookie singlevaluecookie = new httpcookie ("test1 ");

Singlevaluecookie. value = "Single-value cookie ";

Singlevaluecookie. expires = datetime. Now. adddays (1 );

Response. Cookies. Add (singlevaluecookie );

Httpcookie multivaluecookie = new httpcookie ("Test2 ");

Multivaluecookie. Values ["key1"] = "value1 ";

Multivaluecookie. Values ["key2"] = "value2 ";

Multivaluecookie. expires = datetime. Now. adddays (1 );

Response. Cookies. Add (multivaluecookie );

}

After adding the value, remember to use the response object to return the cookie to the browser. Our server cannot directly write cookies on the client machine, but is done by the browser. Of course, you can also set whether to allow the browser to read and write cookies.

The following is the cookie reading operation.

Protected void btn_readcookie_click (Object sender, eventargs E)

{

Httpcookie singlevaluecookie = request. Cookies ["test1"];

If (singlevaluecookie! = NULL)

{

Response. Write (string. Format ("key: {0} value: {1} expires: {2} <br/>", "test1 ",

Singlevaluecookie. Value, singlevaluecookie. expires ));

}

Httpcookie multivaluecookie = request. Cookies ["Test2"];

If (multivaluecookie! = NULL)

{

Response. Write (string. Format ("key: {0} value: {1} <br/>", "Test2", multivaluecookie.

Value ));

Foreach (string subkey in multivaluecookie. Values. allkeys)

{

Response. Write (string. Format ("subkey: {0} value: {1} expires: {2} <br/> ",

Subkey, multivaluecookie. Values [subkey], multivaluecookie. expires ));

}

}

}

For multi-value cookies, we retrieve all the sub-key values by traversing the string array returned by the allkeys attribute. Before accessing a cookie, you must check whether the cookie exists. Open the page, click "Save cookie", and then click "read cookie" to get the following output:

Key: test1 value: Single-value cookie expires: 0001-1-1 0:00:00

Key: Test2 value: key1 = value1 & key2 = value2

Subkey: key1 value: value1 expires: 0001-1-1 0:00:00

Subkey: key2 value: value2 expires: 0001-1-1 0:00:00

The following points are described here.

· We found that the expiration time of all Cookies cannot be properly displayed. This is because the cookie returned by the browser to the server does not contain the expiration time, And the cookie returned by the server to the Browser contains the expiration time. The expiration time only makes sense for the client browser and does not make sense for the server.

· Directly read the value of a multi-value cookie. It will display all the sub-keys and sub-key values using the key = value method, and connect multiple sub-keys using the "&" method (similar to the URL method ).

The following describes how to delete a cookie.

Protected void btn_delcookie_click (Object sender, eventargs E)

{

Httpcookie singlevaluecookie = request. Cookies ["test1"];

Singlevaluecookie. expires = datetime. minvalue;

Response. Cookies. Add (singlevaluecookie );

}

If you want to delete all cookies, you can traverse and delete them.

Protected void btn_delcookie_click (Object sender, eventargs E)

{

Foreach (string key in request. Cookies. allkeys)

{

Httpcookie cookie = request. Cookies [Key];

Cookie. expires = datetime. minvalue;

Response. Cookies. Add (cookie );

}

}

We always need to remember that the server cannot directly Delete the cookie. The operation to delete the cookie is performed by the browser. Delete is used to set its expiration time to the past time so that the cookie expires. Therefore, there are three steps for the delete operation.

N 1. Obtain the cookie from the request object.

N 2. Set the cookie expiration time to the past time.

N 3. Write the cookie back to response.

4. The cookie modification operation is also very simple.

Protected void btn_modifycookie_click (Object sender, eventargs E)

{

Httpcookie singlevaluecookie = request. Cookies ["test1"];

Singlevaluecookie. value = "Modified Single-value cookie ";

Response. Cookies. Add (singlevaluecookie );

}

12.2.3 cookie Summary

Although cookie is a simple and practical object, we also need to pay attention to the working principle, size limitation, and security of cookie, which can be roughly summarized into the following points.

· Physical storage location. In the cookies folder of the client.

· Storage type restrictions. String.

· Range of status usage. The context of the current request can access cookies, which are independent of each user.

· Storage size limit. Each cookie cannot exceed 4 K data. Each website has no more than 20 cookies. The total number of cookies for all websites cannot exceed 300.

· Lifecycle. Each Cookie has its own expiration time, which expires after the expiration time.

· Security and performance. Stored on the client, with poor security. Encryption is recommended for storing sensitive data.

· Advantages and disadvantages and precautions. You can easily associate websites and users and save user settings for a long time.