Controlling the scope of cookies
By default, all the cookies of a site are stored together on the client, and all of them are sent to the server with every request to that site. In other words, each page of the site can read all the cookies of the site. However, you may want cookies to be more targeted. In that case, you can limit the scope of a cookie in two ways:
Restrict the scope of the cookie to a folder on the server. In effect, this restricts the cookie to one application on the site.
Set the scope to a domain, which lets you specify which subdomains in the domain can access the cookie.
Restricting cookies to a folder or application
To restrict a cookie to a folder on the server, set the Path property of the cookie as follows:
Dim appCookie As New HttpCookie("AppCookie")
appCookie.Value = "written " & Now.ToString()
appCookie.Expires = Now.AddDays(1)
appCookie.Path = "/Application1"
Response.Cookies.Add(appCookie)
Of course, you can also write the cookie by setting Response.Cookies directly, as described above.
The path can be a physical path under the root directory of the site or a virtual root directory. The cookie is then available only to pages in the Application1 folder or virtual root directory. For example, if your site is named www.contoso.com, the cookie created in the preceding example is available to pages under http://www.contoso.com/Application1/ and to all pages in that folder, but not to pages in other applications, such as http://www.contoso.com/Application2/ or http://www.contoso.com/.
Tip: Testing with Internet Explorer and Mozilla browsers shows that the paths used here are case-sensitive. Generally, URLs on Windows servers are case-insensitive, but this is an exception. You cannot control how users type URLs into their browsers. However, if your application depends on cookies tied to a specific path, make sure that the URL in every hyperlink you create matches the case of the Path property value.
Restricting the scope of cookies to a domain
By default, cookies are associated with a specific domain. For example, if your site is www.contoso.com, the cookies you write are sent to the server when a user requests a page from that site. (Except for cookies with specific path values, which I explained in the previous section.) If your site has subdomains (such as contoso.com, sales.contoso.com, and support.contoso.com), you can associate cookies with a specific subdomain. To do so, set the Domain property of the cookie as follows:
Response.Cookies("domain").Value = DateTime.Now.ToString()
Response.Cookies("domain").Expires = DateTime.Now.AddDays(1)
Response.Cookies("domain").Domain = "support.contoso.com"
If you set the domain in this way, the cookie is available only to pages in the specified subdomain.
You can also use the Domain property to create cookies that are shared across multiple subdomains. For example, set the domain as follows:
Response.Cookies("domain").Value = DateTime.Now.ToString()
Response.Cookies("domain").Expires = DateTime.Now.AddDays(1)
Response.Cookies("domain").Domain = "contoso.com"
In this way, the cookie is available to the primary domain as well as to sales.contoso.com and support.contoso.com.
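The Path and Domain rules above are enforced by the browser when it chooses which cookies to attach to a request. The following added example (not part of the original article) models that selection in JavaScript using the RFC 6265 matching rules; the cookie values, the helper names and the billing.contoso.com host are constructed for illustration.

```javascript
// Added illustration: how a browser decides which cookies accompany a request
// (RFC 6265 domain-match and path-match). Jar values and URLs are constructed.

// Section 5.1.3: the host equals the cookie domain or is a subdomain of it.
function domainMatch(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return h === d;          // no Domain attribute was set
  return h === d || h.endsWith("." + d);
}

// Section 5.1.4: case-sensitive prefix match that ends on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Build the Cookie request header. Only name=value pairs are emitted;
// Path, Domain and Expires stay in the browser's jar.
function cookieHeader(jar, url, now = Date.now()) {
  const u = new URL(url);
  return jar
    .filter(c => c.expires > now)
    .filter(c => domainMatch(u.hostname, c) && pathMatch(u.pathname, c.path))
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

const tomorrow = Date.now() + 24 * 60 * 60 * 1000;
const jar = [
  // Path = "/Application1", no Domain set, written by www.contoso.com
  { name: "AppCookie", value: "written", domain: "www.contoso.com",
    hostOnly: true, path: "/Application1", expires: tomorrow },
  // Domain = "contoso.com", default path
  { name: "domain", value: "shared", domain: "contoso.com",
    hostOnly: false, path: "/", expires: tomorrow },
];

for (const url of [
  "http://www.contoso.com/Application1/page.aspx",  // both cookies
  "http://www.contoso.com/application1/page.aspx",  // case differs: no AppCookie
  "http://www.contoso.com/Application10/",          // not a segment boundary
  "http://sales.contoso.com/",                      // shared cookie only
  "http://billing.contoso.com/",                    // any other subdomain gets it too
]) {
  console.log(url, "->", cookieHeader(jar, url));
}
```

A cookie scoped to Domain = "contoso.com" reaches every host under that domain, so it should not carry data that only one application is meant to see.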
Reading cookies
When a browser sends a request to the server, it sends the cookies for that server along with the request. In ASP.NET applications, you can use the Request object to read cookies. The structure of the Request object is essentially the same as that of the Response object, so reading cookies from the Request object is much like writing cookies to the Response object. The following example shows two ways to get the value of the cookie named "userName" and display it in a Label control:
If Not Request.Cookies("userName") Is Nothing Then
    Label1.Text = Server.HtmlEncode(Request.Cookies("userName").Value)
End If

If Not Request.Cookies("userName") Is Nothing Then
    Dim aCookie As HttpCookie = Request.Cookies("userName")
    Label1.Text = Server.HtmlEncode(aCookie.Value)
End If
Before reading the cookie value, make sure that the cookie exists. Otherwise, you will get a System.NullReferenceException exception. Before displaying the cookie content on the page, I call the HttpServerUtility.HtmlEncode method to encode it. This is because I want to display the content of the cookie (generally you do not) and make sure that no malicious user has added executable script to the cookie. For more information about cookie security, see cookies and security.
Note: Because different browsers store cookies in different ways, different browsers on the same computer may not be able to read each other's cookies. For example, if you use Internet Explorer to test a page and then test with another browser, the latter will not find the cookies saved by Internet Explorer. Of course, most people use the same browser for all their Web interaction, so in most cases this causes no problems. However, you may still run into it, for example when testing the browser compatibility of an application.
Reading the value of a subkey in a cookie is similar to setting it. The following is one way to get subkey values:
If Not Request.Cookies("userInfo") Is Nothing Then
    Label1.Text = _
        Server.HtmlEncode(Request.Cookies("userInfo")("userName"))
    Label2.Text = _
        Server.HtmlEncode(Request.Cookies("userInfo")("lastVisit"))
End If
In the above example, I obtained the value of the subkey "lastVisit". In the previous discussion, I set this value to the string representation of a DateTime value. Remember that cookies store values as strings. Therefore, to use the lastVisit value as a date, you must convert it:
Dim dt As DateTime
dt = CDate(Request.Cookies("userInfo")("lastVisit"))
The subkeys of a cookie are exposed as a collection of type NameValueCollection. Therefore, another way to get a single subkey is to first get the subkey collection and then extract the subkey value by name, as shown below:
If Not Request.Cookies("userInfo") Is Nothing Then
    Dim UserInfoCookieCollection As _
        System.Collections.Specialized.NameValueCollection
    UserInfoCookieCollection = Request.Cookies("userInfo").Values
    Label1.Text = Server.HtmlEncode(UserInfoCookieCollection("userName"))
    Label2.Text = Server.HtmlEncode(UserInfoCookieCollection("lastVisit"))
End If
Just as when setting a cookie, you can decide which method to use to read it.
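Everything read from Request.Cookies is a string supplied by the client, which is why the examples above check for a missing cookie, encode before display and convert lastVisit explicitly. The following added JavaScript sketch (not from the original article) walks the same steps over a constructed Cookie header; it assumes subkeys travel as a single value of the form name=value&name=value, and htmlEncode here is a simplified stand-in for Server.HtmlEncode.

```javascript
// Added illustration: reading a cookie with subkeys defensively.
// Assumption: subkeys are carried in one cookie value as k1=v1&k2=v2.

// Split a Cookie request header into name -> raw value (first "=" only).
function parseCookieHeader(header) {
  const cookies = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) cookies[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return cookies;
}

// Split a multi-valued cookie into its subkeys.
function subkeys(value) {
  const out = {};
  for (const pair of value.split("&")) {
    const i = pair.indexOf("=");
    if (i > 0) out[pair.slice(0, i)] = pair.slice(i + 1);
  }
  return out;
}

// Simplified stand-in for Server.HtmlEncode: neutralise markup characters.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, ch => map[ch]);
}

// The date arrives as text and may have been edited: return null if it does not parse.
function parseLastVisit(s) {
  const t = Date.parse(s);
  return Number.isNaN(t) ? null : new Date(t);
}

// Mirror of the page logic: existence check, encode for display, convert the date.
function render(header) {
  const raw = parseCookieHeader(header).userInfo;
  if (raw === undefined) return null;            // cookie absent: nothing to show
  const k = subkeys(raw);
  return { label: htmlEncode(k.userName ?? ""), lastVisit: parseLastVisit(k.lastVisit ?? "") };
}

// Constructed request headers: one untouched, one edited on the client.
const honest = "userInfo=userName=patrick&lastVisit=2024-05-01T10:15:00Z";
const tampered = "userInfo=userName=<script>alert(1)</script>&lastVisit=not-a-date";

console.log(render(honest));
console.log(render(tampered));
```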
What about the expiration date?
You can read the name and value of a cookie. You may also want to know more about the cookie. Although you can read the Domain and Path properties, they are of limited use. For example, you can read the Domain property, but if your page is not in the same domain as the cookie, the page will not receive the cookie in the first place.
What you cannot read is the cookie's expiration date and time. When the browser sends cookie information to the server, it does not include the expiration information. You can read the Expires property, but it always returns a zero date/time value.
In the previous section on writing cookies, I mentioned that the browser is responsible for managing cookies, and the Expires property is a good example. The Expires property mainly helps the browser with the day-to-day management of its cookie store. From the server's perspective, the cookie either exists or does not exist, so the expiration date is not useful to the server, and the browser does not provide it when sending cookies. If you need the cookie's expiration date, you must reset it. I will cover this in modifying and deleting cookies.
More specifically, you can read the Expires property that you set on a cookie in the Response object before the cookie is sent to the browser, but you cannot get the expiration information back from the Request object.