APS. NET Cookie, aps. netcookie

APS. NET Cookie, aps. netcookie

Cookie provides a way to store user-specific information (such as historical records or user preferences) in Web applications. Cookie is a short text that is transmitted back and forth between the Web server and the client along with the request and response. Cookie contains information that can be read by Web applications each time a user accesses a website.

1. Write Cookie

The browser manages cookies on the client computer. You can use the HttpResponse object to send a Cookie to the client. This object will publish a property called Cookie. Any Cookie that requires the Web application to be sent to the browser must be added to this collection. When writing a new Cookie, you must specify the Name and Value. Each Cookie must have a unique name. In this way, when the browser sends a Cookie along with the request, the Web application can identify the Cookie.

By default, a Cookie is shared by all pages in the same domain. However, you can restrict the Cookie to a specific sub-folder on the website by setting the Path attribute of the Cookie. To allow all pages in all folders of an application to retrieve a Cookie, set the Cookie from the page in the application root folder, but do not set the Path attribute.
If you do not specify the Cookie expiration limit, the Cookie will not be retained on the client computer. When the user session expires, the Cookie will expire.
Cookie can only store values of the String type. Before storing any non-string values in cookies, you must convert them to strings.

HttpCookie myCookie = new HttpCookie ("Cooker"); myCookie ["name"] = "zzh"; myCookie ["today"] = "Friday"; myCookie. expires = DateTime. now. addDays (1); // myCookie. expires. addDays (1); Response. cookies. add (myCookie); // Response. appendCookie (myCookie); myCookie. domain = "abc.com"; // specify the scope of abc.com and sub-Domain names such as a.abc.com can use myCookie. path = "/admin"; // it can only be used for pages in the admin folder or virtual root directory.

2. Read Cookie

For security reasons, you can only read the cookies set for pages in the same domain. If the Path attribute of the Cookie has been set, only the pages and subfolders in the domain Path can use the Cookie.
When reading a specific Cookie value, test whether the Cookie exists and whether it has a value. Otherwise, an exception occurs.
All values in the Cookie are stored as strings. Therefore, to use the Cookie value as another data type, you must convert the value accordingly.

if (Request.Cookies["Cooker"] != null){    string Cooker;    if (Request.Cookies["Cooker"]["name"] != null)    { Cooker = Request.Cookies["Cooker"]["name"]; }}

3. Delete cookies

You cannot directly Delete cookies from your computer. However, you can set the Cookie expiration date to the previous date and let your browser Delete the Cookie. When a user sends a request to the page in the domain or path where the Cookie is set, the browser determines that the Cookie has expired and removes it.

You can call the Remove Method of the Cookie set to Remove the Cookie from the set on the server side so that the Cookie will not be sent to the client. However, if the client already has a Cookie, this method cannot be removed from the client.

if (Request.Cookies["Cooker"] != null){    HttpCookie myCookie = new HttpCookie("Cooker");    myCookie.Expires = DateTime.Now.AddDays(-1d);    Response.Cookies.Add(myCookie);}

Cyclic Deletion

HttpCookie aCookie;string cookieName;int limit = Request.Cookies.Count;for (int i=0; i<limit; i++){    cookieName = Request.Cookies[i].Name;    aCookie = new HttpCookie(cookieName);    aCookie.Expires = DateTime.Now.AddDays(-1);    Response.Cookies.Add(aCookie);}

4. Change Cookie

You cannot directly modify the Cookie. The process of changing a Cookie involves creating a new Cookie with a new value, and then sending it to the browser to overwrite the old Cookie on the client. The following code example shows how to change the Cookie value that stores the number of user visits to the site.

int counter;if (Request.Cookies["counter"] == null)    counter = 0;else{    counter = int.Parse(Request.Cookies["counter"].Value);}counter++;Response.Cookies["counter"].Value = counter.ToString();Response.Cookies["counter"].Expires = DateTime.Now.AddDays(1);

5. Cookie Security

Do not store any key information in cookies. For example, do not store users' passwords in cookies. Do not store passwords temporarily. Generally, do not store any information in cookies, because once it is counterfeited, the security of your application will be compromised. Instead, it saves a reference to the location of the information on the server in the Cookie.
Set the Cookie expiration date to the acceptable shortest time. Avoid using permanent cookies whenever possible.
Encryption of information in cookies is considered.
Set the Secure and HttpOnly attributes of the Cookie to true.

Cookie. Secure = true enables the Cookie to be transmitted only over a Secure Socket Layer (SSL) connection. SSL does not prevent the Cookies stored on users' computers from being read or operated. However, it prevents the cookies from being read during transmission because they are encrypted.