Asp. Basic knowledge of cookie programming in net (2)

Limitations of the asp.net|cookie| programming 2Cookie

Before I begin to discuss the technical details of cookies, I would like to introduce a few of the limitations of cookie application. Most browsers support cookies up to 4096 bytes, and if you want to save a few values to a user's computer, this space is large enough, but you cannot use a cookie to save a dataset or other large amounts of data. In practical applications, you may not want to save a large amount of user information in a Cookie, and you want to save only the user number or other identifiers. Then, when the user accesses your site again, you can use that user ID to find the user's details in the database. (For instructions on saving user information, see Cookies and security.) ）

Browsers also limit the number of cookies your site can save on a user's computer. Most browsers allow only 20 cookies to be saved per site. If you try to save more cookies, the first saved cookies are deleted. There are also browsers that limit the total number of cookies from all sites, which is typically 300.

The cookie limit you are most likely to encounter is that users can set their own browsers and refuse to accept cookies. It is difficult for you to solve this problem, unless you are not using cookies at all but other mechanisms to save user-related information. A common way to save user information is session state, but session state is dependent on cookies. This is explained in the Cookie and session state later.

Note: For more information about state management and the options used to hold information in the Web application, see Introduction to Web Forms State (English), and Management recommendations.
More generally, it is likely that, although cookies are useful in applications, applications should not rely on the ability to save cookies. Cookies can be icing on the cake, but don't use them to support critical functionality. If your application must use cookies, you can test to determine whether the browser accepts cookies. I briefly introduced a test method later in this article to check whether the browser accepts cookies.

Writing cookies

You can use the Response (English) property of the page to write a Cookie that provides an object that enables users to add information to the information that is rendered by the page to the browser. The Response object supports a collection called cookies, which you can add to the Cookie that you want to write to the browser.

Note: The Response object and the Request object that are discussed below are the properties of the page that contains the HttpResponse (English) and HttpRequest (English) class instances. To find information about Response and requests in the document, see the content under HttpResponse and HttpRequest.

When creating cookies, you need to specify a few values. Initially, you specify the name of the Cookie and the value it holds. You can create multiple cookies, each of which must have a unique name so that it is recognized later when read. (Cookies are saved by name, so if you create two cookies with the same name, the one saved will overwrite the previous one.) ）

You may also want to specify the expiration date and time of the Cookie. Cookies are generally written to the user's disk and may then remain on disk. Therefore, you can specify the date and time that the Cookie expires. When a user accesses your site again, the browser checks your site's cookie collection, and if a cookie has expired, the browser does not send the cookie to the server along with the page request, but instead deletes the expired cookie. (Your site may have written more than one cookie on the user's computer, and each cookie has its own expiration date and time.) Note that the browser is responsible for managing cookies on your hard disk, which will affect the use of cookies in your application, which I will be introducing shortly.

How long should a Cookie be valid? This depends on the purpose of the cookie, in other words, depending on how long your application needs the cookie value to remain valid. If you use cookies to count visitors to the site, you can set the validity period to 1 years, and if a user has not visited your site for a year, you can treat that user as a new visitor; If you use cookies to save a user's preferences, you can set it to always be valid (for example, after 50 years), Because it is troublesome for users to reset their preferences on a regular basis. Sometimes, you may need to write cookies that expire in seconds or minutes. In the section on checking whether the browser accepts cookies later in this article, I enumerate an example where the actual validity period of the cookie created in the example is only a few seconds.

Note: Do not forget that users can remove cookies from their computers at any time, so even if you save a valid cookie for a long time, the user can decide to delete all of them, while clearing all the settings saved in the cookie.

If you do not set a cookie's expiration date, you can create a cookie, but it will not be saved to the user's hard disk, but will become part of the user's session information. If the user closes the browser or the session times out, the Cookie is deleted. This non-persistent Cookie is ideal for saving information that needs to be saved for a short time, or for storing information that should not be written to a client computer disk for security reasons. For example, if a user is using a public computer and you do not want to write cookies to a disk on such a computer, you can use a non-persistent cookie.

You can add cookies to the Response.Cookies collection in a variety of ways. The following examples describe two ways to accomplish this task:

Response.Cookies ("UserName"). Value = "Mike"
Response.Cookies ("UserName"). Expires = DateTime.Now.AddDays (1)

Dim Acookie as New HttpCookie ("lastvisit")
Acookie.value = DateTime.Now.ToString
Acookie.expires = DateTime.Now.AddDays (1)
RESPONSE.COOKIES.ADD (Acookie)

The example adds two cookies to the cookie collection, one called "UserName" and the other is called "lastvisit." For the first Cookie, I set the value of the Response.Cookies collection directly. You can use this method to add a value to the collection because the Response.Cookies is derived from a special collection of NameObjectCollectionBase (English) types.

For the second cookie, I created an instance of the cookie object (HttpCookie [English] type), set its properties, and then added it to the Response.Cookies collection using the Add method. When instantiating a HttpCookie object, you must pass the Cookie name as part of the constructor.

The two examples complete the same task, which is to write a Cookie to the browser. Which method you want to take depends largely on your personal preferences. You may find that the second method is slightly easier to set the Cookie properties, but you will notice that the difference is not significant.

In both of these methods, the expiration value must be a DateTime type. The "lastvisited" value is also a date/time value. In this case, however, I have to convert the date/time value to a string, because any value in the Cookie is ultimately saved as a string.